beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
48972 commits 14 branches 412 tags 338 MiB
Commit graph

5698 commits

Author SHA1 Message Date
Michael Crosby
adbe3096e8 Add cpuset cpus support for docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-05-13 18:17:12 -07:00
cyphar
79ca77f3e8 integration-cli: cp: added tests for cp 
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
 2014-05-14 11:14:59 +10:00
Fabio Falci
7cc27b2075 Integration test for link and unlink containers 
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
 2014-05-11 21:33:01 +01:00
LK4D4
91b7d8ebd3 Change owner only on copied content 
Fixes #5110
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-05-07 20:40:22 +04:00
cyphar
924979259e integration-cli: docker_cli_links: fixed broken tests 
The tests weren't ... tested when last edited, this patch fixes
them so that they run and pass correctly.

Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
 2014-05-07 01:05:15 +10:00
Solomon Hykes
dc605c8be7 Simplify integration test for link + hostname. 
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
 2014-05-05 19:51:47 -07:00
Bryan Murphy
53f38a14cd add linked containers to hosts file 
Docker-DCO-1.1-Signed-off-by: Bryan Murphy <bmurphy1976@gmail.com> (github: bmurphy1976)

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Tested-by: Solomon Hykes <solomon@docker.com> (github: shykes)
 2014-05-05 19:40:27 -07:00
Jérôme Petazzoni
1c4202a614 Mount /proc and /sys read-only, except in privileged containers. 
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.

This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.

Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.

All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
 2014-05-01 15:26:58 -07:00
Alexandr Morozov
d1297feef8 Timestamps for docker logs. 
Fixes #1165
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
 2014-05-01 20:40:36 +04:00
Michael Crosby
e88ef454b7 Merge pull request #5464 from tianon/close-leftover-fds 2014-04-30 12:27:52 -07:00
Tianon Gravi
d5d62ff955 Close extraneous file descriptors in containers 
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-04-29 16:45:28 -06:00
Tibor Vass
e9a42a45bf Fixes #5152 : symlink in volume path 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
 2014-04-28 13:18:12 -07:00
Michael Crosby
90678b3133 Update create with apparmor import 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
Michael Crosby
81e5026a6a No not mount sysfs by default for non privilged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-24 10:35:20 -07:00
unclejack
2931979a5d Merge pull request #5304 from vieux/convert_rm_tests 
convert so rm tests to integration-cli
 2014-04-18 21:11:18 +03:00
Victor Vieux
fcbc717f9a convert so rm tests to integration-cli 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-04-18 17:40:12 +00:00
Michael Crosby
296fcf331f Port privileged tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 03:20:17 +00:00
Michael Crosby
caad45d0ed Port networking tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 03:12:27 +00:00
Michael Crosby
47510bd6eb Port environment test 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:53:08 +00:00
Michael Crosby
e2ed4b9077 Port user tests and concurrent tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:47:39 +00:00
Michael Crosby
03993eb534 Port volumes and exit code tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:34:10 +00:00
Michael Crosby
6beb858fb0 Update commit test in cli 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:24:19 +00:00
Michael Crosby
72f49e554f Port multiple attach test to cli tests 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 02:14:00 +00:00
Michael Crosby
76a19bb3a9 Add test verify container ID 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-18 01:58:20 +00:00
Alexander Larsson
359b7df5d2 Rename runtime/* to daemon/* 
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-04-17 14:43:01 -07:00
Michael Crosby
8e67197267 Merge pull request #5248 from unclejack/more_info_testtop 
provide more information when TestTop tests fail
 2014-04-16 18:54:04 -07:00
unclejack
3ac90aeed5 provide more information when TestTop tests fail 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-04-17 03:39:15 +03:00
Victor Vieux
925dfdb18a Merge pull request #5246 from crosbymichael/fix-mount 
Fix unmount when host volume is removed
 2014-04-16 17:28:37 -07:00
Guillaume J. Charmes
1775ed8c75
Add integration test for hairpin nat 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-04-16 14:50:11 -07:00
Michael Crosby
39103e72a3 Fix unmount when host volume is removed 
Fixes #5244
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-14 12:43:01 +00:00
Michael Crosby
031fcb31d3 Setup cgroups for all subsystems 
Fixes #5117
Fixes #5118
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-11 17:28:27 +00:00
Michael Crosby
af9746412b Move volumesfrom to hostconfig 
This also migrates the volumes from integration tests into the new cli
integration test framework.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-08 21:45:06 +00:00
Michael Crosby
b6042f252d Ensure that ro mounts are remounted 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-07 18:23:22 -07:00
Solomon Hykes
30f22ee9e3 Convert a legacy integration test to a clean v2 CLI integration test. 
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
 2014-04-07 20:34:21 +00:00
unclejack
e09274476f cli integration: sync container & image deletion 
This makes container and image removal in the tests run synchronously.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-04-04 03:22:32 +03:00
Michael Crosby
a9d6eef238 Remove racy test causing tests to stall 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-04-02 13:22:51 +00:00
Alexander Larsson
bd94f84ded Fix --volumes-from mount failure 
As explained in https://github.com/dotcloud/docker/issues/4979
--volumes-from fails with ENOFILE errors.

This is because the code tries to look at the "from" volume without
ensuring that it is mounted yet. We fix this by mounting the containers
before stating in it.

Also includes a regression test.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-04-03 19:33:20 +02:00
Guillaume J. Charmes
b246fc33ae
Add API version to docker version 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-04-01 17:30:19 -07:00
Victor Vieux
dcf2b72f5b add test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-04-01 21:07:40 +00:00
Guillaume J. Charmes
f6f059d99a Merge pull request #4929 from crosbymichael/volume-abs-path 
Force abs paths for host volumes
 2014-03-31 15:19:30 -07:00
unclejack
e76113be6c Merge pull request #4925 from creack/fix_logs 
Fix expending buffer in StdCopy
 2014-03-31 23:15:07 +03:00
unclejack
cd0a907325 Merge pull request #4930 from vieux/fix_regression_import 
Fix regression import
 2014-03-31 23:12:39 +03:00
Guillaume J. Charmes
5fb28eab3e
Add regression test 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
 2014-03-31 13:12:22 -07:00
Victor Vieux
b430f4f45b add test 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-03-31 19:31:21 +00:00
Michael Crosby
904bf049c1 Force abs paths for host volumes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-31 19:10:19 +00:00
Michael Crosby
51d9a04f17 Make sure to set error reguardless of attach or stdin 
Fixes #3364
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-31 18:33:14 +00:00
Michael Crosby
28015f8e57 Add integration test for volumes-from as file 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-03-31 17:42:34 +00:00
unclejack
6db32fdefd initial version of cli integration tests 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
 2014-03-29 23:09:40 +02:00