Commit graph

35 commits

Author SHA1 Message Date
Sebastiaan van Stijn
65cfcc28ab
hack/dind: update comments around AppArmor
Provide more context to the steps we're doing.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 14:48:51 +01:00
sebthom
d58df1fc6c Update blogpost URL
Signed-off-by: sebthom <sebthom@users.noreply.github.com>
2023-05-29 22:37:09 +02:00
Cory Snider
1f32e3c95d Add integration test for #38995, #43390
Modify the DinD entrypoint scripts to make the issue reproducible inside
a DinD container.

Co-authored-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-10-26 12:04:37 -04:00
Akihiro Suda
42b1175eda
hack/dind: fix cgroup v2 evacuation with docker run --init
Evacuate all the processes in `/sys/fs/cgroup/cgroup.procs`, not just PID 1.

Before:
```console
$ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control
sed: couldn't flush stdout: Device or resource busy
```

After:
```console
$ docker run --rm --privileged --init $(docker build -q .) cat /sys/fs/cgroup/cgroup.subtree_control
cpuset cpu io memory hugetlb pids rdma
```

Fix docker-library/docker issue 308

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-04-28 13:30:10 +09:00
Akihiro Suda
ed89041433
test-integration: support cgroup2
Usage: DOCKER_BUILD_ARGS="--build-arg CONTAINERD_COMMIT=master --build-arg RUNC_COMMIT=master" DOCKER_EXPERIMENTAL=1 TEST_SKIP_INTEGRATION_CLI=1 make test-integration

Depends on containerd master (v1.4) and runc master (v1.0.0-rc91).

Currently `TEST_SKIP_INTEGRATION_CLI=1` must be specified.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-06-22 14:17:45 +09:00
Sebastiaan van Stijn
37498f009d
Shell scripts: fix bare variables
This makes my IDE a bit more silent :-)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-10 02:50:47 +01:00
Sebastiaan van Stijn
c3650770cc
Revert "Bash scripts; use double brackets, fix bare variables, add quotes"
This reverts commit 297b30df5f.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-10 02:23:38 +01:00
Sebastiaan van Stijn
297b30df5f
Bash scripts; use double brackets, fix bare variables, add quotes
These scripts explicitly use Bash, so we should be able to use
`[[` instead of `[` (which seems to be recommended).

Also added curly brackets to some bare variables, and quoted some paths.

This makes my IDE a bit more silent :-)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-24 00:05:14 +01:00
Tianon Gravi
52379fa76d Convert script shebangs from "#!/bin/bash" to "#!/usr/bin/env bash"
This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2017-02-13 11:01:54 -08:00
srinsriv
27afaf3774 Update dind
Typo

Signed-off-by: Srinivasan Srivatsan <srinivasan.srivatsan@hpe.com>
2016-05-24 20:42:28 -07:00
Alexander Morozov
81aa1b507f Remove cgroups mounting in dind
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-16 17:10:53 -08:00
David Calavera
3b5fac462d Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-05 17:09:57 -05:00
Sven Dowideit
4e899d64e0 Missing a single dash in error message
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-10-11 22:46:14 -07:00
Tianon Gravi
b8bed8832b Update dind "/tmp" mounting to be optional
This allows someone running the image to use `-v` to mount a non-tmpfs `/tmp` into their image if they so require/desire.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-08-21 15:47:50 -07:00
Jessica Frazelle
c48ac77840 update hack/dind for 1.8 mounting of cgroups
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-08-21 11:13:33 -07:00
Jörg Thalheim
ac20568b0a hack: quote all parameters with variable interpolation
better safe then sorry. especially for rm

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
2015-04-15 10:14:14 +02:00
Eric Windisch
723d43387a HTTPS urls for ./hacking
Signed-off-by: Eric Windisch <eric@windisch.us>
2015-04-11 13:22:16 -04:00
Pavel Tikhomirov
d322cd5dcb docker-tests: mount hierarchies and make symlinks for subsystems
Docker does not know about our named cpuacct,cpu,cpuset cgroup
hierarchy with multiple subsystems in it. So to use them with docker
in integration-cli test TestRunWithCpuset inside docker container
we need to add symlinks to them in hack/dind script.

Example:
old version of parser will do:
	cat /proc/1/cgroup
	11:cpu,cpuacct,name=my_cpu_cpuacct:/
	...
and create and mount this hierarchy to directory
	/cgroup/cpu,cpuacct,name=my_cpu_cpuacct/
so docker cannot find it because it has strange name

in new parser directory will be same as on host
	/cgroup/my_cpu_cpuacct
and have symlinks for docker to find it
	/cgroup/cpu	-> /cgroup/my_cpu_cpuacct
	/cgroup/cpuacct	-> /cgroup/my_cpu_cpuacct

in other case if where is no name
	cat /proc/1/cgroup
	11:cpu,cpuacct:/
	...
mount will be same for both parsers
	/cgroup/cpu,cpuacct
and new one will also create symlinks
	/cgroup/cpu	-> /cgroup/cpu,cpuacct
	/cgroup/cpuacct	-> /cgroup/cpu,cpuacct

Signed-off-by: Pavel Tikhomirov <ptikhomirov@parallels.com>
2015-03-31 15:49:10 +03:00
Tianon Gravi
949a21b55f Move scripts back to hack/, leave docs in project/
This also removes the now-defunct `*maintainer*.sh` scripts that don't work with the new TOML format, and moves a couple not-build-or-release-related scripts to `contrib/` instead.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-03-13 14:04:08 -06:00
Solomon Hykes
32e61b8f5c Move 'hack' to the less confusing 'project'
We might want to break it up into smaller pieces (eg. tools in one
place, documents in another) but let's worry about that later.

Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-11-09 21:50:28 +00:00
Victor Vieux
b3ee9ac74e update go import path and libcontainer
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 22:19:50 +00:00
SvenDowideit
fa29b1f062 I'm going to wish I didn't do this
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
2014-07-03 10:31:56 +10:00
Jérôme Petazzoni
29f1efc940 Merge pull request #5463 from tianon/hack-dind-cgroup
Update hack/dind to mount cgroups on "/cgroup" instead of "/sys/fs/cgroup" for better compatibility
2014-05-09 13:54:52 -07:00
Jérôme Petazzoni
b3ff1c55e3 Merge pull request #5462 from tianon/hack-dind-style
Update hack/dind to match the rest of our scripts
2014-05-02 14:43:56 -07:00
Victor Vieux
de191e8632 skip apparmor with dind
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-05-01 22:22:08 +00:00
Tianon Gravi
d5d62ff955 Close extraneous file descriptors in containers
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)

Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-29 16:45:28 -06:00
Tianon Gravi
659305085f Update hack/dind to mount cgroups on "/cgroup" instead of "/sys/fs/cgroup" for better compatibility
Fixes #5122

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-28 23:17:36 -06:00
Tianon Gravi
b1fe1797f3 Update hack/dind to match the rest of our scripts
No functional changes here, just coding style and maintainability.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-04-28 23:16:40 -06:00
Tianon Gravi
44fe8cbbd1 Update to double-dash everywhere
These were found using `git grep -nE '[^-a-zA-Z0-9<>]-[a-zA-Z0-9]{2}'` (fair warning: _many_ false positives there).

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-03-13 11:46:02 -06:00
Jérôme Petazzoni
31638ab2ad Refactor HostConfig and escape apparmor confinement 2013-11-01 13:55:19 -07:00
Jérôme Petazzoni
8c38c30985 Remove spurious messages, and use proper args expansion.
Also, display some (hopefully helpful) message when no command was given.
2013-10-17 23:19:36 -07:00
Jérôme Petazzoni
255b6aadfa Work around an exotic bug affecting Docker-in-Docker + systemd. 2013-10-17 20:42:11 -07:00
Solomon Hykes
34eab42833 Adapt Dockerfile to run docker tests inside docker 2013-09-06 19:27:49 -07:00
Solomon Hykes
3c80bd76cf Adapt the original dind script and add a description 2013-09-06 19:27:48 -07:00
Solomon Hykes
c983023661 Copy dind wrapper script from github.com/jpetazzo/dind 2013-09-06 19:27:48 -07:00