docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-15 07:40:57 +03:00
Code Activity
9,276 Commits 12 Branches 295 Tags
6b22b2d896a41fa37bb360253fc8ec3cb893dea6
Commit Graph

82 Commits

Author SHA1 Message Date
Victor Vieux
ce98881516 fix compilation and panic 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: d403936818b8785b65ff55ebab0d266b4a871ef6
Component: engine
 2014-07-02 00:54:08 +00:00
Tibor Vass
356f6ecbf3 Add backwards READ compatibility for the old libcontainer API 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: cccb64e8633eee309e6ce33c3bb41614edd70d81
Component: engine
 2014-07-02 00:19:05 +00:00
Tibor Vass
ce22a9b1ec Use new libcontainer.State API 
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 262d45e0fe483dbc6d27bc6af51590a8be42d55f
Component: engine
 2014-06-30 18:27:15 -04:00
Michael Crosby
68391774fe Update libcontainer Context changes 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: c9fdb08bdafb90b76cfa804b079d2e446a3503e4
Component: engine
 2014-06-26 16:56:39 -07:00
Solomon Hykes
9a4ed6541e Merge pull request #6218 from vieux/update_maintainers 
Upstream-commit: c9e647e42f3019b619b0ef47ff944831c226624c
Component: engine
 2014-06-25 17:00:32 -07:00
Michael Crosby
0daa61f085 Rename libcontainer.Container to libcontainer.Config 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 1dc8e2ffab795f4999a122b4a576d54e03c7c61a
Component: engine
 2014-06-24 11:31:03 -07:00
Michael Crosby
d4e9300e80 Update libcontainer references 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: cee6f4506c79c6fc21769d427ac4dd51c28450c3
Component: engine
 2014-06-24 11:31:03 -07:00
Michael Crosby
16f6e09488 Update close fd issues for lxc 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 707ef9618b3b26a0534a0af732a22f159eccfaa5
Component: engine
 2014-06-19 16:02:21 -04:00
Michael Crosby
1316dc9e2d Use libcontainer cap drop method 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: d31ae5aed80eeb40a461930776ad2b507804bf4e
Component: engine
 2014-06-19 16:00:53 -04:00
Dinesh Subhraveti
84bd7e4c9e Maintain a whitelist of capabilities rather than droplist 
This fixes 6/18 vulnerability

Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
Upstream-commit: cf331cdd6ad35c6e0d291df51b49aef5909671f5
Component: engine
 2014-06-19 03:34:04 -04:00
Victor Vieux
86a79a73e0 update MAINTAINERS files 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 06248d745a6a69b14595a699e0e5b3e883d8ea3a
Component: engine
 2014-06-16 22:20:07 +00:00
Solomon Hykes
76dc816a6e Guillaume is busy full-time on his new business, and no longer available 
as a maintainer.

Best of luck on your e-commerce business Guillaume, and thanks for all
the great contributions!

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 41d437117d13d445192b92a93955dec5c012512c
Component: engine
 2014-06-16 06:22:15 -07:00
Michael Crosby
455e8c968c Merge pull request #6060 from dineshs-altiscale/maintainers 
Add Dinesh Subhraveti to MAINTAINERS
Upstream-commit: c99ee556d4e9a028fa68b40816b75200be690534
Component: engine
 2014-06-11 14:37:01 -07:00
Michael Crosby
52b8a282c3 Update libcontainer imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 8194556337b65dda71a3d4d7f6ae9653ad5a19a0
Component: engine
 2014-06-10 19:58:15 -07:00
Michael Crosby
b00f7d0626 Gofmt imports 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: bae6a5a616cfc382f45a25af13633681875ddff0
Component: engine
 2014-06-09 16:01:57 -07:00
Michael Crosby
3c7670e68c Move libcontainer deps into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 6158ccad97db51e756aafefb096d1163aa4d6439
Component: engine
 2014-06-09 15:52:12 -07:00
Michael Crosby
4f6cc66699 Add CAP_KILL to unprivileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: fa72eb3a58ebfec8ef1b27d8e7aa8cbdb41733a2
Component: engine
 2014-06-07 15:18:18 -07:00
Victor Vieux
5bfe5a532a add wait4 after kill 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 30ba7546cb5a1ff7e4915c5a25dd8d72b3bf735b
Component: engine
 2014-06-06 00:32:14 +00:00
Michael Crosby
e9b3abdfc5 Rename nsinit package to namespaces in libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 8aff01c0b447fa4d68f053c44e8baf7b24247164
Component: engine
 2014-06-04 15:47:57 -07:00
Chris Alfonso
0fc07e0aef Integrating systemd freeze functionality. 
This pulls together #6061 and #6125

Docker-DCO-1.1-Signed-off-by: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Upstream-commit: 26246ebd5379a83b2ed656668bd985c652e98167
Component: engine
 2014-06-04 13:33:44 -06:00
Ian Main
77114664a4 Add ability to pause/unpause containers via cgroups freeze 
This patch adds pause/unpause to the command line, api, and drivers
for use on containers.  This is implemented using the cgroups/freeze
utility in libcontainer and lxc freeze/unfreeze.

Co-Authored-By: Eric Windisch <ewindisch@docker.com>
Co-Authored-By: Chris Alfonso <calfonso@redhat.com>
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
Upstream-commit: b054569cde788b2111ddbc4080b215dcda89f06e
Component: engine
 2014-06-04 13:33:44 -06:00
unclejack
7d5cb46a54 apparmor: write & load the profile on every start 
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 1ef3ca83d8624aaaaed05cfce1f71282d70d84dd
Component: engine
 2014-06-04 00:56:35 +03:00
Michael Crosby
382f8a23ad Add SYS_CHROOT cap to unprivileged containers 
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 41f7cef2bd186d321fc4489691ba53ab41eb48e5
Component: engine
 2014-06-02 18:23:47 -07:00
Shane Canon
a710a9b84a Fix for setuid race condition in LXC driver 
This is a fix for a race condition in the LXC driver.  This is described
more in issue #6092.

Closes #6092

Docker-DCO-1.1-Signed-off-by: Shane Canon <scanon@lbl.gov> (github: scanon)
Upstream-commit: f9705477d023c63fb316a30204761aa1e3cb3e6d
Component: engine
 2014-05-31 10:42:48 -07:00
Michael Crosby
3248c6e81c Ensure all dev nodes are copied for privileged 
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 69989b7c06b0ca6737e83ddf8fcfa2dfccc57a7c
Component: engine
 2014-05-30 18:39:11 -07:00
unclejack
bc9024a72e Merge pull request #6097 from timthelion/consistentdevices 
Refactor device handling code
Upstream-commit: 0ef637722f69cff931b25c75d421e231ab75af75
Component: engine
 2014-05-31 03:34:52 +03:00
Timothy Hobbs
52c8a31f21 Refactor device handling code 
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Upstream-commit: 608702b98064a4dfd70b5ff0bd6fb45d2429f45b
Component: engine
 2014-05-30 19:21:29 +00:00
Alexandr Morozov
57a9b63e5e Fix race in native driver on activeContainers usage 
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 64bd6a6a5342c87db7096f60365d270d0d69e9d2
Component: engine
 2014-05-30 14:16:00 +04:00
Victor Marmol
ea766a12d8 Merge pull request #5868 from jhspaybar/5749-libcontainerroutes 
libcontainer support for arbitrary route table entries
Upstream-commit: 5e2af0713735d6724179540d4d1b0827ab8c4570
Component: engine
 2014-05-28 10:50:56 -07:00
William Thurston
fc7b9b154d Fixes #5749 
libcontainer support for arbitrary route table entries

Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
Upstream-commit: bf7f360dcac38037d5c4f9e2e90d01adc240ed2b
Component: engine
 2014-05-28 17:42:02 +00:00
Michael Crosby
0ef8d97b63 Update lxc to use cmd.Wait() 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5310e8575f5a251000bbecd6d998eb11cb95fe04
Component: engine
 2014-05-27 13:52:05 -07:00
Dinesh Subhraveti
9c04f4398e Add Dinesh Subhraveti to MAINTAINERS 
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
Upstream-commit: 249524ec49a18c8389ed7b1a4cd2300250fadbc4
Component: engine
 2014-05-27 16:45:17 -04:00
Erik Hollensbe
05b57dfef1 Add Wait() calls in the appropriate spots 
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Upstream-commit: 92e41a02ce40c7d3446b8ca7ec5c5671ac3d8917
Component: engine
 2014-05-27 12:26:56 -07:00
Victor Vieux
e0f1623f01 add recursive device nodes 
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 0abb52c7a97940dc17c45ac45226af8156d0e712
Component: engine
 2014-05-22 22:29:13 +00:00
Victor Vieux
f41d7794be Merge pull request #5976 from crosbymichael/getpids 
Move get pid into cgroup implementation
Upstream-commit: 55d41c3e21e1593b944c06196ffb2ac57ab7f653
Component: engine
 2014-05-21 19:09:50 -07:00
Victor Vieux
69fad1b67f Merge pull request #5922 from crosbymichael/host-dev-priv 
Mount /dev in tmpfs for privileged containers
Upstream-commit: 5a0a03e3942651a07858c278c4b40a0ead50eccb
Component: engine
 2014-05-21 18:56:24 -07:00
Michael Crosby
189f43a3ba Move get pid into cgroup implementation 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 811d93326bc2d9451eb444e2343bb3063611de7a
Component: engine
 2014-05-21 21:14:07 +00:00
Tianon Gravi
d2e4e6b069 Revert "Always mount a /run tmpfs in the container" 
This reverts commit 905795ece624675abe2ec2622b0bbafdb9d7f44c.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 8e967fe8028d8362fe3dfb293a8e07a959a4dd7f
Component: engine
 2014-05-21 14:28:19 -06:00
Michael Crosby
37f08c7066 Update code post codereview 
Add specific types for Required and Optional DeviceNodes
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f042c3c15759fce5cc139f2b3362b791ac7d4829
Component: engine
 2014-05-21 00:40:41 +00:00
Michael Crosby
ada6c057b6 Mount /dev in tmpfs for privileged containers 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 34c05c58c8d41ee2bb02cd8059e9928ee2f061ea
Component: engine
 2014-05-20 22:51:24 +00:00
Michael Crosby
417fd6d53a Fix network mode for lxc 1.0 
Fixes #5692

This change requires lxc 1.0+ to work and breaks lxc versions less than
1.0 for host networking.  We think that this is a find tradeoff by
bumping docker to only support lxc 1.0
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 0f278940947d74f2b7889ada18808779312f9608
Component: engine
 2014-05-20 19:10:23 +00:00
Alexander Larsson
da7177cbfd native driver: Add required capabilities 
We need SETFCAP to be able to mark files as having caps, which is
heavily used by fedora.
See https://github.com/dotcloud/docker/issues/5928

We also need SETPCAP, for instance systemd needs this to set caps
on its childen.

Both of these are safe in the sense that they can never ever
result in a process with a capability not in the bounding set of the
container.

We also add NET_BIND_SERVICE caps, to be able to bind to ports lower
than 1024.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: fcf2e9a9107c6c9aebaf63ce044f636333e7eed8
Component: engine
 2014-05-20 11:31:39 +02:00
Victor Marmol
4feffb64a0 Don't drop CAP_FOWNER in the container. Also sorts the list of allowed 
capabilities.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 0abad3ae2290a2b051b8fdaceab17a1ee41ecfb9
Component: engine
 2014-05-19 16:52:39 +00:00
Victor Marmol
e3742d2641 Make libcontainer's CapabilitiesMask into a []string (Capabilities). 
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 92614928cecd48b241011e614fa856c4fdbac1f6
Component: engine
 2014-05-17 00:44:10 +00:00
Victor Marmol
25e8afd42a Merge pull request #5810 from vmarmol/drop-caps 
Change libcontainer to drop all capabilities by default.
Upstream-commit: 01d10d6f13d62d74f850fea2a685b24b7983244e
Component: engine
 2014-05-16 11:51:41 -07:00
Timothy Hobbs
2ef3480938 Typo in execdrivers.go five => give 
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: 408f050d648da0b64d353146a1be59827d76bf70
Component: engine
 2014-05-16 11:45:20 +00:00
Victor Marmol
48bd5989f0 Change libcontainer to drop all capabilities by default. Only keeps 
those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 9d6875d19d3926faf6287487234ad0b2f1310e9d
Component: engine
 2014-05-16 00:57:58 +00:00
Michael Crosby
910f9d50e2 Move cgroups package into libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 3b7a19def609c8fbadc6559e7f47f8a5a7769a5b
Component: engine
 2014-05-14 15:21:44 -07:00
Victor Vieux
94d0641f06 Merge pull request #5756 from crosbymichael/move-units-to-pkg 
Move duration and size to units pkg
Upstream-commit: bc22c9948c5380715338aef63fcc6cccd1a16bd7
Component: engine
 2014-05-14 11:36:14 -07:00
Michael Crosby
4926e35bb1 Add cpuset cpus support for docker 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: adbe3096e8c8572925dbae5f19ac2ce2dc84fb1c
Component: engine
 2014-05-13 18:17:12 -07:00