Victor Vieux
ae0da14a77
Merge pull request #4442 from ibuildthecloud/hairpin-nat
...
Support hairpin NAT without going through docker server
Upstream-commit: d2327006d659595e88da653e054f826401b05727
Component: engine
2014-03-27 18:09:42 -07:00
Alexander Larsson
5f846085d9
cgroups: Add systemd implementation of cgroups
...
This implements cgroup.Apply() using the systemd apis.
We create a transient unit called "docker-$id.scope" that contains
the container processes. We also have a way to set unit specific
properties, currently only defining the Slice to put the
scope in.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6c7835050e53b733181ddfca6152c358fd625400
Component: engine
2014-03-27 22:44:31 +01:00
Alexander Larsson
a2c3f01761
Add systemd.SdBooted()
...
This is a conversion of sd_booted() from libsystemd to go and checks
if the system was booted with systemd.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 1296d5ce9ad43d8d833f6e5661da45aef6d4c26b
Component: engine
2014-03-27 22:44:31 +01:00
Alexander Larsson
931e59cc5b
pkg/systemd: Drop our copy-pasted version of go-systemd/activation
...
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: cb43fd007133fc05b6bb2b0d3d58fef8b1e60537
Component: engine
2014-03-27 22:44:31 +01:00
Alexander Larsson
cf568a7031
cgroups: Join groups by writing to cgroups.procs, not tasks
...
cgroups.procs moves all the threads of the process, and "tasks" just
the one thread. I believe there is a risk that we move the main thread,
but then we accidentally fork off one of the other threads if the go
scheduler randomly switched to another thread. So, it seems safer (and
more correct) to use cgroups.procs.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 9294d7f2af6ecb7c18be11fb5043fad4a61d8f09
Component: engine
2014-03-27 21:47:47 +01:00
Alexander Larsson
4a0326289d
cgroups: Split out Apply/Cleanup to separate file/interface
...
This leaves only the generic cgroup helper functions in cgroups.go and
will allow easy implementations of other cgroup managers.
This also wires up the call to Cleanup the cgroup which was missing
before.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 7f7d8419a71d49b25e4d38196b36e93b568bb61d
Component: engine
2014-03-27 21:47:47 +01:00
Dan Walsh
f757666ccd
This patch adds SELinux labeling support.
...
docker will run the process(es) within the container with an SELinux label and will label
all of the content within the container with a mount label. Any temporary file systems
created within the container need to be mounted with the same mount label.
The user can override the process label by specifying
-Z with a string of space-separated options.
-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"
would cause the process to run with the label unconfined_u:unconfined_r:unconfined_t:s0.
By default the processes will run within the container as svirt_lxc_net_t.
All of the content in the container will be labeled as svirt_sandbox_file_t.
The process MCS level is based on the PID of the docker process that is creating the container.
If you run the container in --priv mode, the labeling will be disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 4c4356692580afb3971094e322aea64abe0e2500
Component: engine
2014-03-26 15:30:40 -04:00
Michael Crosby
2d58b8bf60
Only unshare the mount namespace for execin
...
Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 4b1513f9c394fbfdf21998db4318251b4e8b6bc0
Component: engine
2014-03-17 18:52:56 -07:00
unclejack
0aaef1f844
Merge pull request #4710 from jimenez/4680-timeout_flag-fix
...
Disable timeout
Upstream-commit: fb503da34e2eae1aab3a54eed4c5a2374fa35c7d
Component: engine
2014-03-18 00:38:39 +02:00
Isabel Jimenez
e839931238
adding configuration for timeout and disable it by default
...
Docker-DCO-1.1-Signed-off-by: Isabel Jimenez <contact@isabeljimenez.com> (github: jimenez)
Upstream-commit: 25218f9b239784e6f38550a6e320bce56aaca3e1
Component: engine
2014-03-17 15:12:02 -07:00
Timothy Hobbs
ccebbeffe2
Fix issue #4681 - No loopback interface within container when networking is disabled.
...
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Remove loopback code from veth strategy
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Loopback strategy: Get rid of unneeded code in Create
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Use append when building network strategy list
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Swap loopback and veth strategies in Networks list
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Revert "Swap loopback and veth strategies in Networks list"
This reverts commit 3b8b2c8454171d79bed5e9a80165172617e92fc7.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
When initializing networks, only return from the loop if there is an error
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Upstream-commit: 353df19ab7009f6555dee506841ae0b690a08768
Component: engine
2014-03-17 22:01:24 +01:00
Guillaume J. Charmes
4ff432cad1
Merge pull request #4645 from crosbymichael/add-logger
...
Add logger to libcontainer
Upstream-commit: 597e0812fb8a40cf73388bcc44e6be74035a9846
Component: engine
2014-03-17 11:30:14 -07:00
Guillaume J. Charmes
f1b6288e96
Merge pull request #4719 from philips/Capabilities-to-CapabilitiesMask
...
refactor(libcontainer): rename to CapabilitiesMask
Upstream-commit: 73f5aa87af0feb22570d1ea1b71ac58b874ac4cd
Component: engine
2014-03-17 11:15:29 -07:00
Brandon Philips
b1507c6b21
chore(libcontainer): small grammar fix in types_test
...
Someone probably got really used to typing er on the end of contain :)
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: ad7e7d612390d09d3a54fd82dda9687deb3b0cbe
Component: engine
2014-03-17 11:07:29 -07:00
Brandon Philips
ba77c9041d
refactor(libcontainer): rename to CapabilitiesMask
...
The Capabilities field on libcontainer is actually used as a mask.
Rename the field so that this is more clear.
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: 128381e0f0372f10f88a847087aa91a972770c4b
Component: engine
2014-03-17 11:07:12 -07:00
unclejack
2e43a87446
Merge pull request #4672 from vieux/update_godoc_mflags
...
update godoc and add MAINTAINERS for mflags
Upstream-commit: 555c1ef670c7f0dd9e1bd195ac6391e06e657f67
Component: engine
2014-03-17 19:30:58 +02:00
Michael Crosby
842270ca38
Send sigterm to child instead of sigkill
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 39037a91f85a4a072e5aa7e585d8c2f6b211df8a
Component: engine
2014-03-14 15:42:05 -07:00
Victor Vieux
2fa4f2c621
update godoc and add MAINTAINERS for mflags
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: a41f6d936754f66d1786fa5b840278443da8d93c
Component: engine
2014-03-14 17:35:41 +00:00
Michael Crosby
0d0170bb11
Add stderr log output if in debug
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 0e863a584a6edfa1c3ec383c586b646663b66bc7
Component: engine
2014-03-14 09:55:05 -07:00
Michael Crosby
3f944b4fd6
Add initial logging to libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7294392c729de4c5884eb967f192b34a1d8857a7
Component: engine
2014-03-14 09:55:05 -07:00
Michael Crosby
0e6df3669c
Update libcontainer readme and todo list
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: cbd2a30cd6185d1469f82f8b6693d6158c93d54a
Component: engine
2014-03-13 15:18:08 -07:00
Michael Crosby
1080c0f16b
Merge pull request #4656 from crosbymichael/fix-ptmx-link
...
Always symlink /dev/ptmx for libcontainer
Upstream-commit: 28994f86eef11074f613433893ef345321afef91
Component: engine
2014-03-13 14:57:17 -07:00
Guillaume J. Charmes
596209d4bb
Merge pull request #4422 from alexlarsson/internal-mounts
...
Move all bind-mounts in the container inside the namespace
Upstream-commit: c7ea6e5da80af3d9ba7558f876efbf0801d988d8
Component: engine
2014-03-13 14:55:29 -07:00
Michael Crosby
75217fbf0a
Always symlink /dev/ptmx for libcontainer
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 747275d30c4d4eb25ca798394cc04db00912adb2
Component: engine
2014-03-13 14:31:09 -07:00
Victor Vieux
0238b3e45c
Merge pull request #4624 from creack/fix_apparmor_init
...
Fix issue when /etc/apparmor.d does not exist
Upstream-commit: 192917a1cbfd325cd4d141d76703a3ccfd6e60e7
Component: engine
2014-03-13 14:04:13 -07:00
Alexander Larsson
746b307c72
Move all bind-mounts in the container inside the namespace
...
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.
This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.
Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 6c266c4b42eeabe2d433a994753d86637fe52a0b
Component: engine
2014-03-13 20:01:29 +01:00
Guillaume J. Charmes
5a323c5f4c
Use BSD raw mode on darwin. Fixes nano, tmux and others
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 029aac96396f5a9d76adf5e4675d27321273dfbd
Component: engine
2014-03-13 11:11:02 -07:00
Guillaume J. Charmes
69e0188d27
Fix issue when /etc/apparmor.d does not exist
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 6a325f1c7a243689ecf01f257ac7afb95fea7ec2
Component: engine
2014-03-12 11:13:24 -07:00
Victor Vieux
8980d7490c
improve deprecation message
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: f0eb227548427f6fc829f2b270ad83d22bd90c69
Component: engine
2014-03-12 00:51:46 +00:00
Guillaume J. Charmes
84def4f523
Update email + add self to pkg/signal
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 915d967f556bc7bb3faea34db8a06ea64fd5de92
Component: engine
2014-03-10 20:26:45 -07:00
Kato Kazuyoshi
ed3716396b
Like signal_linux.go, we don't have import os and os/signal
...
Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
Upstream-commit: b2cd89056f5c49746ee668946ce4e1771f3ce368
Component: engine
2014-03-11 23:14:58 +09:00
Michael Crosby
11f1b48016
Merge pull request #4563 from creack/signal-improvment
...
Signal improvements
Upstream-commit: b5a544b02e2d6f5e880064f327bcb1d5d866e30e
Component: engine
2014-03-10 17:59:17 -07:00
Michael Crosby
6afe06b48d
Merge pull request #4515 from vieux/improve_sort_flags
...
improve alpha sort in mflag
Upstream-commit: 923962a4b5e8787449ff247400f0b30b4b04835d
Component: engine
2014-03-10 17:45:41 -07:00
Guillaume J. Charmes
9db05a87c8
Make docker use the signal pkg with strings
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 157f24ca77a38f7c5c2b22322a2a353d5098a21e
Component: engine
2014-03-10 17:36:47 -07:00
Guillaume J. Charmes
9d9d39b644
Create portable signalMap
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: 10dc16dcd3aa82be256e5072a25dcf18af8e3844
Component: engine
2014-03-10 17:36:41 -07:00
Guillaume J. Charmes
357d278b81
Move signal to pkg
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
Upstream-commit: c5632622391921160687f3e0155bdfe3d3cfc07d
Component: engine
2014-03-10 17:36:32 -07:00
srid
8f3c1c1399
nsinit: prefix errors with their source
...
Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
Upstream-commit: 03211ecce07ab64f5263232e1aa3c6248530c5b4
Component: engine
2014-03-10 17:08:50 -07:00
unclejack
9ff573ff6e
Merge pull request #3985 from creack/add_freebsd_support
...
Add freebsd client support
Upstream-commit: 8bcb156694152d90698c3a0cb7b9cf539a838f8e
Component: engine
2014-03-11 00:58:30 +02:00
Guillaume J. Charmes
519289ece2
Update bsd specs
...
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 6ccfb7fb9af207a9999c60e57d1c9486ca949a5e
Component: engine
2014-03-10 15:19:08 -07:00
Victor Vieux
5bd0f32f99
move opts out of pkg because it's related to docker
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: fde5f573d39020476c08ed25fac0a6306f7b18cc
Component: engine
2014-03-10 21:10:23 +00:00
Victor Vieux
6a607918e7
remove utils.go
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: d648708d02134c3dc6788ad21325224d849b3b8f
Component: engine
2014-03-10 21:06:27 +00:00
Guillaume J. Charmes
66069773bc
Merge branch 'master' into add_freebsd_support
...
Conflicts:
archive/archive.go
archive/start_unsupported.go
Upstream-commit: bb43761940848650c1eab3c097d826892bd5b140
Component: engine
2014-03-10 13:20:49 -07:00
Victor Vieux
ddfc798df3
handle capital
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: 7da37fec13a0097284ffbbe05514de477cd98677
Component: engine
2014-03-07 23:40:45 +00:00
Michael Crosby
957f74b876
Add env var to toggle pivot root or ms_move
...
Use the DOCKER_RAMDISK env var to tell the native driver not to use
a pivot root when setting up the rootfs of a container.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 36dd124b16a76704a88142fa96bb4bb6260dd821
Component: engine
2014-03-06 19:30:52 -08:00
Victor Vieux
3398dcb261
improve alpha sort in mflag
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Upstream-commit: 3729ece2ea1c4aad286b7535a7c137045a9da107
Component: engine
2014-03-07 02:20:59 +00:00
Michael Crosby
6f0ad9195c
Revert "Revert "libcontainer: Use pivot_root instead of chroot""
...
This reverts commit 82f797f14096430c3edbace1cd30e04a483ec41f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: c38635020accaffa6868f19f308042be051132a0
Component: engine
2014-03-06 17:19:59 -08:00
Michael Crosby
3e4d7be838
Revert "Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE""
...
This reverts commit bd263f5b15b51747e3429179fef7fcb425ccbe4a.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 557e4fef4418a251dd3a6817b97e5c1be055cbf3
Component: engine
2014-03-06 17:19:47 -08:00
unclejack
9ba4572a15
Merge pull request #4512 from crosbymichael/no-pivot-root
...
No pivot root because of ramdisk
Upstream-commit: 78dc1ede5202c8867e011582af8752810f817e9f
Component: engine
2014-03-07 02:54:03 +02:00
Michael Crosby
d96ead6498
Revert "libcontainer: Use MS_PRIVATE instead of MS_SLAVE"
...
This reverts commit 757b5775725fb90262cee1fa6068fa9dcbbff59f.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: bd263f5b15b51747e3429179fef7fcb425ccbe4a
Component: engine
2014-03-06 16:41:03 -08:00
Michael Crosby
cf4ed6c883
Revert "libcontainer: Use pivot_root instead of chroot"
...
This reverts commit 5b5c884cc8266d0c2a56da0bc2df14cc9d5d85e8.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 82f797f14096430c3edbace1cd30e04a483ec41f
Component: engine
2014-03-06 16:32:06 -08:00