Jérôme Petazzoni
31638ab2ad
Refactor HostConfig and escape apparmor confinement
2013-11-01 13:55:19 -07:00
Brian Olsen
be7eb4bfcb
Set environment variables using a file.
2013-10-31 00:48:12 +01:00
Tianon Gravi
cf86e2bb22
Rename all cases of "docker-init" to "dockerinit" for consistency
2013-10-25 15:13:25 -07:00
Paul Nasrat
aa3697520a
Fixes issues with mounting subdirectories of /mnt in container.
Tested with
mkdir /mnt/data
docker run -v /mnt/data:/mnt/data -t ubuntu:12.10 touch /mnt/data/bar
Expected /mnt/data/bar on host.
2013-10-09 16:40:46 -04:00
Alexander Larsson
80319add55
lxc: Allow set_file_cap capability in container
This means you're able to set the bits for capabilities on files
inside the container. This is needed for e.g. many fedora packages
as they use fine-grained capabilities rather than setuid binaries.
This is safe as we're not adding capabilities really, since the
container is already allowed to create setuid binaries. Setuid
binaries are strictly more powerful than any capabilities (as root implies
all capabilities).
This doesn't mean the container can *gain* capabilities that it
doesn't already have though. The actual set of caps is strictly
decreasing.
2013-09-26 21:41:45 +02:00
Michael Crosby
5a01f7485c
Only mount hostname files if config exists
2013-09-16 17:53:24 +00:00
Victor Vieux
4f2e59f94a
bind mount /etc/hosts and /etc/hostname
2013-09-09 20:29:57 +00:00
Michael Crosby
551092f9c0
Add lxc-conf flag to allow custom lxc options
2013-08-22 16:05:21 +00:00
Michael Crosby
9662f9e56a
Merge pull request #1478 from jpetazzo/929-insecure-flag
add -privileged flag and relevant tests, docs, and examples
2013-08-14 13:55:18 -07:00
Jérôme Petazzoni
280901e5fb
add -insecure flag and relevant tests
2013-08-13 16:20:22 -07:00
Karan Lyons
075d30dbce
Mount /dev/shm as a tmpfs
Fixes #1122.
2013-08-07 17:44:33 -07:00
Guillaume J. Charmes
f6fa353dd8
Merge pull request #1267 from sridatta/new-clean-init
* Runtime: Fix to "Inject dockerinit at /.dockerinit"
2013-08-05 13:23:22 -07:00
Stefan Praszalowicz
bc172e5e5f
Invert network disable flag and logic (unbreaks TestAllocate*PortLocalhost)
2013-07-22 19:00:35 -07:00
Stefan Praszalowicz
3342bdb331
Support networkless containers with new docker run option '-n'
2013-07-21 17:11:47 -07:00
Solomon Hykes
5d8efc107d
+ Runtime: inject dockerinit at /.dockerinit instead of overwriting /sbin/init. This makes it possible to run /sbin/init inside a container.
2013-07-17 17:13:34 -07:00
Guillaume J. Charmes
4e0cdc016a
Revert #1126. Remove mount shm
2013-07-05 10:47:00 -07:00
Karan Lyons
dd619d2bd6
Mount /dev/shm as a tmpfs.
Fixes #1122.
2013-07-04 09:58:50 -07:00
Gabriel Monroy
67239957c9
- Fix a few bugs in external mount-bind integration
2013-06-26 15:10:38 -07:00
Solomon Hykes
d4e62101ab
* Runtime: better integration of external bind-mounts (run -b) into the volume subsystem (run -v)
2013-06-26 15:08:07 -07:00
Gabriel Monroy
4fdf11b2e6
+ Runtime: mount volumes from a host directory with 'docker run -b'
2013-06-26 15:07:31 -07:00
globalcitizen
788d66f409
Add note about lxc.cap.keep > lxc.cap.drop
2013-06-20 00:39:35 +07:00
globalcitizen
96988a37f5
Add healthy procfs/sysfs warnings
2013-06-20 00:37:08 +07:00
Victor Vieux
fd224ee590
linted names
2013-06-04 18:00:22 +00:00
Jérôme Petazzoni
efd9becb78
implement "-c" option to allocate a number of CPU shares to a container
2013-05-07 11:16:30 -07:00
Guillaume J. Charmes
6fb495bf6f
Move the id of volumes to Container (instead of Container.Config)
2013-05-02 09:14:22 -07:00
Guillaume J. Charmes
8d9aaee60b
Handle data volumes mount points
2013-05-02 09:14:22 -07:00
Guillaume J. Charmes
1f9f5eed5d
Put the resolv.conf path in a variable instead of being hardcoded within lxc
2013-04-10 18:23:34 -07:00
Guillaume J. Charmes
d9a9bfc9c7
Make LXC aware of custom bridge
2013-04-03 16:15:44 -07:00
Mikhail Sobolev
b2b6d519c5
remove executable bit from lxc_template.go
2013-03-26 16:36:49 +02:00
Solomon Hykes
7c57a4cfc0
Simplified the core container API, ported it to the new graph. Some features are missing, e.g. image 'paths' and tags
2013-03-21 00:25:00 -07:00
Guillaume J. Charmes
9ff6dd767a
Allow ping within a container. Issue #91
Allow the net_raw capability
2013-03-15 02:37:02 -07:00
creack
150a4fe7e5
Merge master within fs
2013-03-12 08:33:21 -07:00
Sam Alba
f8fee42181
Missed a rename
2013-03-11 19:55:14 -07:00
Sam Alba
948961831a
Renamed Container property Ram to Memory before it is too late
2013-03-11 19:25:02 -07:00
Sam Alba
75d04a5a75
Added support for RamSwap in the generated LXC config (to limit the swap and have the right default settings)
2013-03-11 17:40:54 -07:00
Sam Alba
a3a946703b
Set the memory soft limit to the same value as the hard limit
2013-03-11 14:30:27 -07:00
shin-
97a8209438
Merged master branch into fs
2013-03-11 05:42:36 -07:00
Andrea Luzzardi
2192d3371c
Re-enabled lxc capabilities drop
2013-02-28 11:57:57 -08:00
Andrea Luzzardi
09eacdfade
Container can now take a list of ports to expose in its config
2013-02-28 11:51:14 -08:00
shin-
2ebf3464a1
Halfway through fs branch fixes, TestUser not passing
2013-02-26 17:45:46 -08:00
Andrea Luzzardi
c08f5b2b84
Integrated the network allocator into Docker. A networking environment
is assigned to each container upon Start and released whenever the
container exits.
2013-02-25 14:06:22 -08:00
Andrea Luzzardi
5cecd548cd
Basic networking support with hardcoded addresses. Work in progress.
2013-02-21 10:47:57 -08:00
Andrea Luzzardi
58a2294260
Implemented a self-injecting process wrapper that runs inside the container
- Before starting the container, docker injects itself inside the container by mount binding the dockerd binary into /sbin/init
- Instead of running the user process directly inside the container, we run /sbin/init targetprocess [args...]
- When docker is run as /sbin/init (e.g. argv[0] == "/sbin/init"), then its own sys init code kicks in
- The sys init code will be responsible for setting up the process environment prior to its execution (setuid, networking, ...).
- Finally, docker's sys init will exec() the container's process, thus replacing itself with the target binary (which will be running as pid 1)
2013-02-13 14:01:44 -08:00
Andrea Luzzardi
2416edd400
LXC template: Cleanup using text/template variables
2013-02-13 13:56:19 -08:00
Andrea Luzzardi
54a946e333
Networking: Mount bind (ro) the host's /etc/resolv.conf into the
container in order to get networking.
2013-01-28 17:32:15 -08:00
Andrea Luzzardi
78c02daf47
container.Name -> container.Id
2013-01-21 18:39:52 -08:00
Andrea Luzzardi
a27b4b8cb8
Initial commit
2013-01-18 16:13:39 -08:00