beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
37223 commits 14 branches 412 tags 338 MiB
Go 96.3%
Shell 1.3%
Go-Checksums 1.1%
Dockerfile 0.7%
PowerShell 0.3%
Other 0.1%
Find a file
Sebastiaan van Stijn 8ddb4c4e95
bump runc vendor v1.0.0-rc8-92-g84373aaa 
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to moby/moby#36368 Add /proc/keys to masked paths
      - relates to moby/moby#38299 Masked /proc/asound
      - relates to moby/moby#37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac0ab114a2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 16:25:48 +02:00
.github hack: remove integration-cli-on-swarm 2019-08-19 18:54:38 +02:00
api fix some spelling mistakes 2019-09-25 21:35:49 +02:00
builder TestDispatch: refactor to use subtests again, and fix linting (structcheck) 2019-09-25 21:35:56 +02:00
cli allow running dockerd in an unprivileged user namespace (rootless mode) 2019-02-04 00:24:27 +09:00
client Improve readability of Windows connect error 2019-09-06 23:09:33 +02:00
cmd/dockerd Add (hidden) flags to set containerd namespaces 2019-09-25 17:26:26 +02:00
container Handle blocked I/O of exec'd processes 2019-09-20 19:10:52 +02:00
contrib dockerd-rootless.sh: use exec 2019-05-16 22:06:01 +09:00
daemon awslogs: fix flaky TestLogBlocking unit test 2019-09-25 21:43:08 +02:00
distribution distribution: modify warning logic when pulling v2 schema1 manifests 2019-09-19 00:46:14 +00:00
dockerversion Remove version-checks for containerd and runc 2018-10-04 23:17:13 +02:00
docs rootless: allow exposing dockerd TCP socket easily 2019-07-18 13:03:33 +09:00
errdefs Add regression tests for invalid platform status codes 2019-09-16 15:37:47 +02:00
hack update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) 2019-09-27 16:25:39 +02:00
image Merge pull request #38888 from quasilyte/fix_copying 2019-03-21 01:48:27 +01:00
integration integration: TestInspect(): use swarm.RunningTasksCount 2019-09-25 21:36:09 +02:00
integration-cli integration-cli: Skip TestAPIImagesSaveAndLoad on RS3 and older 2019-09-25 21:36:12 +02:00
internal integration-cli: add daemon.StartNodeWithBusybox function 2019-09-25 21:36:11 +02:00
layer layer: protect from same-name races 2019-05-25 22:33:45 +02:00
libcontainerd Merge pull request #356 from thaJeztah/19.03_backport_fix_windows_errortype 2019-09-24 11:34:21 -07:00
oci Capabilities refactor 2019-01-22 21:50:41 +02:00
opts Adjust tests for changes in Go 1.12.8 / 1.11.13 2019-08-14 02:52:42 +02:00
pkg Merge pull request #381 from thaJeztah/19.03_backport_hn3000_fix_39981 2019-09-26 10:47:55 -07:00
plugin Add (hidden) flags to set containerd namespaces 2019-09-25 17:26:26 +02:00
profiles Add sigprocmask to default seccomp profile 2019-09-12 10:25:44 +02:00
project Add support for setting GOARM in cross target. 2019-04-17 13:19:14 -07:00
reference Merge pull request #37781 from mtrmac/reference-race-upstream 2018-10-18 12:35:57 -07:00
registry Remove v1 manifest code 2019-06-18 18:54:59 +00:00
reports Fix typos 2018-05-16 09:15:43 +08:00
restartmanager Add canonical import comment 2018-02-05 16:51:57 -05:00
rootless dockerd: fix rootless detection (alternative to #39024) 2019-05-13 15:31:31 -07:00
runconfig Format code with gofmt -s from go-1.11beta1 2018-09-06 15:24:16 -07:00
vendor bump runc vendor v1.0.0-rc8-92-g84373aaa 2019-09-27 16:25:48 +02:00
volume Entropy cannot be saved 2019-06-11 17:40:09 +02:00
.DEREK.yml Update Derek behaviour 2019-02-28 11:20:18 +00:00
.dockerignore hack: remove integration-cli-on-swarm 2019-08-19 18:54:38 +02:00
.gitignore run unit tests and generate junit report 2019-08-19 18:56:04 +02:00
.mailmap Update AUTHORS and .mailmap 2019-04-17 13:22:59 +02:00
AUTHORS Update AUTHORS and .mailmap 2019-04-17 13:22:59 +02:00
CHANGELOG.md Fix some typos 2018-09-07 13:13:47 +08:00
codecov.yml Add code coverage report and codecov config 2018-01-16 16:50:56 -05:00
CONTRIBUTING.md Fix link anchors in CONTRIBUTING.md 2018-06-13 21:58:48 +09:00
Dockerfile Dockerfile: remove GOMETALINTER_OPTS 2019-09-25 21:36:12 +02:00
Dockerfile.e2e Bump Golang 1.12.9 2019-09-16 16:20:10 +02:00
Dockerfile.simple Bump Golang 1.12.9 2019-09-16 16:20:10 +02:00
Dockerfile.windows hack/ci/windows.ps1: fix Go version check (due to trailing .0) 2019-09-25 21:36:08 +02:00
Jenkinsfile Jenkinsfile: move integration step cleanup to amd64 where it was intended to be 2019-09-26 18:16:49 +02:00
LICENSE Update LICENSE 2018-09-12 14:27:53 +01:00
MAINTAINERS fix some spelling mistakes 2019-09-25 21:35:49 +02:00
Makefile integration: simplify parallel run destination 2019-09-25 21:35:50 +02:00
NOTICE switch kr/pty to creack/pty v1.1.7 2019-09-12 10:24:55 +02:00
poule.yml Poule:Add Windows RS5 2018-10-08 15:38:27 -07:00
README.md Add "Lego set" back in README.md 2017-10-10 14:10:39 +00:00
ROADMAP.md Fix some typos in ROADMAP.md 2019-01-25 14:27:13 +08:00
TESTING.md Add support for setting a test filter 2019-08-31 13:27:11 +02:00
vendor.conf bump runc vendor v1.0.0-rc8-92-g84373aaa 2019-09-27 16:25:48 +02:00
VENDORING.md fix the bare url and the Summary of http://semver.org 2017-01-17 16:20:11 +08:00

README.md

The Moby Project

Moby Project logo

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build fully featured container system, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX is aimed at developers not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.

Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.