centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-03-30 07:48:52 +07:00
Code Issues Packages Projects Releases Wiki Activity
6,500 Commits 54 Branches 28 Tags
a64ebabdfaca66709d664cb87a35d689e35cfd0d
Commit Graph

78 Commits

Author SHA1 Message Date
Michael Crosby
431d510cae Remove container env var from libcontainer 
Update tests to use native driver
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:51:00 -08:00
Michael Crosby
8db740a38e Move types around in native driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:21:35 -08:00
Michael Crosby
f8453cd049 Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 21:11:52 -08:00
Michael Crosby
d59c05a37c Fix exec driver flag, rename new driver to 'native' 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 20:41:09 -08:00
Michael Crosby
27a43692c2 Merge branch 'master' into add-libcontainer 
Conflicts:
	runtime.go

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 20:35:12 -08:00
Michael Crosby
ca537a63a8 Remove chroot driver, it's not needed 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:52:48 -08:00
Michael Crosby
9cb4573d33 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 18:38:36 -08:00
Michael Crosby
77f68f74c7 Rename namespace driver to docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 16:42:30 -08:00
Michael Crosby
9f03fd76b5 Fix restore container by nspid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 16:35:11 -08:00
Michael Crosby
9bf6cb2692 Fix get pids for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 16:26:06 -08:00
Michael Crosby
a76407ac61 Cgroups allow devices for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 15:47:23 -08:00
Michael Crosby
a6e5e18511 Fix kill signals and rootfs path for pid 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 14:35:27 -08:00
Michael Crosby
cfd188e925 Add info for driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 14:11:09 -08:00
Michael Crosby
757c7581c8 Use the cpu cgroup subsystem instead of memory because its non optional 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:42:13 -08:00
Michael Crosby
01f9815b55 Fix tests with dockerinit lookup path 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 13:40:17 -08:00
Michael Crosby
8f20058307 Compile nsinit into docker for use with dockerinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-24 12:21:13 -08:00
Michael Crosby
172260a49b Fix tty copy for driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 01:28:59 -08:00
Michael Crosby
fac41af25b Refactor driver to use Exec function from nsini 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-22 01:21:26 -08:00
Michael Crosby
2419e63d24 Initial commit of libcontainer running docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 17:23:49 -08:00
Michael Crosby
aac702727e Move current tty and pipe impl to lxc driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 13:27:34 -08:00
Michael Crosby
8e2284aaa2 Add CloseWriters back and do an interface cast 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 12:52:18 -08:00
Michael Crosby
592c2f6f9a Move term creation into driver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 12:42:37 -08:00
Michael Crosby
1e74287698 Change Console to Terminal 
Move creation and attach to driver
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 12:32:14 -08:00
Michael Crosby
8c783c1c13 Move console into execdriver 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-21 11:47:53 -08:00
Michael Crosby
9e3da87a3a Cleanup some statements from exec driver work 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-02-14 17:28:50 -08:00
Guillaume J. Charmes
408ea0771a Mount-bind the PTY as container console - allow for tmux/screen to run 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-13 17:23:09 -08:00
Michael Crosby
3c215ba410 Merge pull request #4059 from alexlarsson/no-netadmin-caps 
lxc: Drop NET_ADMIN capability in non-privileged containers
 2014-02-11 14:20:34 -05:00
Alexander Larsson
02fddffd51 lxc: Drop NET_ADMIN capability in non-privileged containers 
With this capability set the container can e.g. change the ip address
of his devices to that of another container on the docker0 bridge. In
a quick test I was able to listen to a port on a different ip than the
one docker assigned me, but was not able to hijack an open port
redirection that another container had open. Maybe its possible with
some more knowledge of networking though.

Anyway, network setup is meant to be handled by docker, not the apps,
so I believe denying this is generally in the spirit of docker, and
it closes down potential security issues.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-02-11 11:17:34 +01:00
Victor Vieux
2dcb48af0f Merge pull request #3524 from tianon/supplementary-groups 
Add supplementary groups lookup in sysinit
 2014-02-10 14:42:14 -08:00
Victor Vieux
036900a63a Merge pull request #3871 from jdef/patch-1 
Update lxc_template.go
 2014-02-10 14:38:39 -08:00
Guillaume J. Charmes
7c06d5e34e Remove panic in lxc driver. 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-02-07 19:09:52 -08:00
James DeFelice
17c124baf6 Update lxc_template.go 
If networking is disabled, but then pipework is used later to add nics, the network still doesn't function. Using flags=up for empty networking fixes this.
Docker-DCO-1.1-Signed-off-by: James DeFelice <james.defelice@ishisystems.com> (github: jdef)
 2014-02-03 16:14:15 -05:00
Tianon Gravi
ee93f6185b Move UserLookup functionality into a separate pkg/user submodule that implements proper parsing of /etc/passwd and /etc/group, and use that to add support for "docker run -u user:group" and for getting supplementary groups (if ":group" is not specified) 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-01-31 20:15:24 -07:00
Victor Vieux
523341d994 Merge pull request #3857 from creack/remove_darwin_files 
Remove all darwin specific files and use more generic _unsupported with build tags.
 2014-01-31 11:48:10 -08:00
Michael Crosby
f267938fb8 Merge pull request #3844 from clkao/lxc-kill-deprecation 
Use lxc-stop -k instead of lxc-kill
 2014-01-31 10:57:40 -08:00
Tianon Gravi
065dd231dd Update/fix build tags, Dockerfile, and release.sh for proper building and releasing of linux/386 and linux/arm cross-compiled client binaries 
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
 2014-01-31 03:16:42 -07:00
Guillaume J. Charmes
45dd051e8e Remove all darwin specific files and use more generic _unsupported with build tags. 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-01-30 23:10:56 +00:00
Victor Vieux
720f64af18 fix TestExitCode 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
 2014-01-30 22:59:21 +00:00
Chia-liang Kao
b111fc3646 Use lxc-stop -k when lxc-kill is not found 
lxc-kill was removed in lxc/lxc@33ddfc2

Docker-DCO-1.1-Signed-off-by: Chia-liang Kao <clkao@clkao.org> (github: clkao)
 2014-01-31 03:22:22 +08:00
Michael Crosby
c00cb1aca1 Merge pull request #3808 from alexlarsson/execdriver-get-pids-for-container 
execdriver: Make GetPidsForContainer() a driver call
 2014-01-29 10:38:10 -08:00
Alexander Larsson
9ad70528b7 exexdriver: Make Command.GetExitCode an internal call 
This code only works for backends that directly spawn the child
via the Command. It will not work for the libvirt backend. So
we move this code into the individual backends that need it.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-01-28 19:20:35 +01:00
Alexander Larsson
335bc39c9a execdriver: Make GetPidsForContainer() a driver call 
The current implementation is lxc specific.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-01-28 16:21:49 +01:00
Victor Vieux
0dd856ee7f Merge pull request #3724 from creack/extract-lxc-phase-2 
Refactor process to command
 2014-01-23 15:28:45 -08:00
Michael Crosby
ba8ca59862 Compile driver interface changes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
 2014-01-22 14:05:01 -08:00
Guillaume J. Charmes
75e0357d69 Populate Command self cointainer (toward Restore()) 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-01-22 14:04:55 -08:00
Alexander Larsson
08ab554195 Fix handling of shared roots 
If rootIsShared() is detected we apply the shell stuff to early, before
the real command and arguments are added to the parameters. This
means they get passed on to unshare rather than docker-init, breaking
docker on e.g. fedora like:

goroutine 1 [running]:
runtime.panic(0x678340, 0x9b3fd7)
	/usr/lib64/golang/src/pkg/runtime/panic.c:266 +0xb6
github.com/dotcloud/docker/execdriver/lxc.func·001(0xc21000a1b0, 0xc21001eab0, 0x7fff24715faf)
	/home/alex/vcs/go/src/github.com/dotcloud/docker/execdriver/lxc/driver.go:41 +0x525
github.com/dotcloud/docker/sysinit.executeProgram(0xc21000a1b0, 0xc21000a1b0, 0xa)
	/home/alex/vcs/go/src/github.com/dotcloud/docker/sysinit/sysinit.go:34 +0xca
github.com/dotcloud/docker/sysinit.SysInit()
	/home/alex/vcs/go/src/github.com/dotcloud/docker/sysinit/sysinit.go:88 +0x791
main.main()
	/home/alex/vcs/go/src/github.com/dotcloud/docker/dockerinit/dockerinit.go:14 +0x1a

The fix is to construct the full params array before escaping it.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
 2014-01-21 10:22:13 +01:00
Guillaume J. Charmes
12468f2bc8 Rename Process to Command 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
 2014-01-20 16:05:07 -08:00
Paul Nasrat
71c1646ba3 Don't expose cgroups via the execdriver API. 
Use Resources to represent container limits rather than a cgroup specific field.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
 2014-01-20 17:06:24 -05:00
Paul Nasrat
2553029959 Extract cgroups pkg. 
Initial move before enhancing cgroups package.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
 2014-01-20 14:15:44 -05:00
Paul Nasrat
2e094db639 Extract mount into pkg. 
Mount is self contained and generic, it should be in pkg, to allow other pkg modules to use it.

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
 2014-01-20 13:59:29 -05:00