Alexandr Morozov
855652ad6c
Move TestRunExit to integration-cli
...
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: c19e0fe7e2c626218c854aa97fd3f23d29f11615
Component: engine
2014-08-12 13:40:14 +04:00
Alexandr Morozov
3f9bc8ad8a
Move TestRunWorkdirExistsAndIsFile to integration-cli
...
Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com>
Upstream-commit: a44f065f171cb91867630e752c09fde4b01d4c98
Component: engine
2014-08-12 12:22:25 +04:00
Michael Crosby
80a9f6e508
Merge pull request #7405 from LK4D4/indicate_run_volume_test_pass
...
Print about "copy volume content" test passing
Upstream-commit: 01022a305d7b822ff9740dd0ce992064bffbd4d8
Component: engine
2014-08-07 15:09:41 -07:00
LK4D4
40ff72d2d0
Print about "copy volume content" test passing
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 825ca10dfdaedfef17d92d898208c6f7e6dcb8e5
Component: engine
2014-08-04 21:27:28 +04:00
Alexandr Morozov
c9f0913ee9
Inherit Cmd only if no --entrypoint specified on run
...
Fixes #5147
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: aa2d6dbc0c64efb515646dd2d339ff857c94c3b7
Component: engine
2014-08-04 21:17:37 +04:00
Michael Crosby
be8ae878bc
Merge pull request #7295 from vishh/rbind
...
Make lxc driver rbind all user specified mounts.
Upstream-commit: 5d2a62d8de5422b29daa12eef9bd475e2a9b1cb4
Component: engine
2014-08-01 10:25:45 -07:00
Tianon Gravi
15ebfed254
Update TestEnvironment to explicitly set "HOME" to be empty so it gets autofilled
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 8ea72422502d65421bc36dda48d384588f519a77
Component: engine
2014-07-31 12:46:41 -06:00
Tianon Gravi
cdc00db1ec
Add support for autodetected HOME from USER (if HOME is unset)
...
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 57b9467f45571c1bd98ebe4b73c6cf3d97ff051c
Component: engine
2014-07-31 12:46:36 -06:00
Vishnu Kannan
90b29cb0b4
Add a cli integration test for recursive bind mounting.
...
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
Upstream-commit: 3e1c1567eac59c7b808d37aa45f82ce67227e59c
Component: engine
2014-07-30 02:23:24 +00:00
Victor Vieux
6ae4c9014c
update go import path and libcontainer
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: b3ee9ac74e171e00f14027e39278013629e681b8
Component: engine
2014-07-24 22:19:50 +00:00
LK4D4
d628315a52
Move TestCopyVolumeContent to integration-cli
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: e88487b321fba4d1a6d9dcd080ec5b9ae024865e
Component: engine
2014-07-19 12:42:27 +04:00
LK4D4
c0a07344c1
Move TestCopyVolumeUidGid to integration-cli
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 9a7c5be7d1d71d339b857ec20ca03cc09d4bbfa2
Component: engine
2014-07-19 12:42:27 +04:00
Alexandr Morozov
ee8e73d083
Tests on container state changing
...
It could catch the error that was fixed in #6954
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 4162309d116fe5cb171d7d212842fe5406c544df
Component: engine
2014-07-18 21:51:55 +04:00
Victor Vieux
b18fd72d71
Merge pull request #7083 from mheon/6983_bugfix
...
Fix Panic with -t and -a stderr
Upstream-commit: 5948b105e7dcc7428e9525ccb44d543169b47a6e
Component: engine
2014-07-17 18:41:24 -07:00
Matthew Heon
e650e69f7d
Bugfix: only use io.Copy in hijack if attaching both stdout and stderr
...
Add regression tests to ensure issue is fixed.
Docker-DCO-1.1-Signed-off-by: Matt Heon <mheon@redhat.com> (github: mheon)
Upstream-commit: 1476f295aca20e1c35383c133219d54a5373183f
Component: engine
2014-07-17 13:47:33 -04:00
unclejack
697ca2953b
don't allow links to be used with --net=host
...
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: be8cea98560f4e63ff367a632539bf9f6bf929a4
Component: engine
2014-07-17 00:32:24 +03:00
Michael Crosby
5a03c34f92
Allow case insensitive caps for add and drop
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: 7c19499c635358719c5a9c9fb1cb66a5fcf12718
Component: engine
2014-07-16 11:47:55 -07:00
Victor Vieux
e7f2c9317d
add check for invalid caps
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: c04230c42b7a953ffe50bc37d351f86e80a442e6
Component: engine
2014-07-11 23:43:21 +00:00
Victor Vieux
5201bb5120
support add and drop in both order
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 064b5f870db39e33f18d6dd405f2bdab98255ef7
Component: engine
2014-07-11 23:43:21 +00:00
Victor Vieux
669e2fe479
add basic support for 'all'
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 222a6f44016451dcbd2da0003e64521c06e88ba9
Component: engine
2014-07-11 23:43:21 +00:00
Victor Vieux
986cb2347f
fix job and add tests
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 8344b6d7368b90c567f43e0c17d4495e2e7b12f5
Component: engine
2014-07-11 23:43:21 +00:00
Timothy
c15db86f61
Add --device flag to allow additional host devices in container
...
We add a --device flag which can be used like:
docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash
To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container.
Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit.
Docker-DCO-1.1-Signed-off-by: Timothy <timothyhobbs@seznam.cz> (github: timthelion)
Upstream-commit: e855c4b92170534864b920ec1e267b3a815764f9
Component: engine
2014-07-10 10:35:53 -07:00
Fabio Falci
525592aa62
Relax dns search to accept empty domain
...
In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
Upstream-commit: 804b00cd7d1f084a872211e5043d255c454c8e51
Component: engine
2014-07-04 09:33:53 +01:00
unclejack
1e5262e71f
integcli: add test to ensure -v /:/ isn't allowed
...
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 38b005ec69e62d93453ac4013fe6bfa2fccebc5d
Component: engine
2014-06-27 19:51:24 +03:00
Michael Crosby
cb56a2df49
Allow / as source of -v
...
We discussed this at the docker plumbers meetup and for tools and
working on the system for things like boot2docker and coreos this is
needed. You can already bypass this check so we felt it is ok to start
allowing this feature.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Upstream-commit: e39b8eade1f42503b6b7217e72eff4c8fdc13cb6
Component: engine
2014-06-26 10:50:18 -07:00
Tibor Vass
2ab25c0f86
add integration test for --workdir=/
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: baacc7006b35badb2e9ba807451ab158936d7832
Component: engine
2014-06-25 11:02:59 -04:00
Tibor Vass
3325b6e290
fix bug in FollowSymlinkInScope when link == root
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: 385c9b1a08aeaf7e08363007e5bb79bf30225b7e
Component: engine
2014-06-25 11:02:59 -04:00
Tibor Vass
13250a8dcd
rename TestVolumeWithSymlink to TestCreateVolumeWithSymlink and remove run_tests folder
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: def86d0cf4d80e037f2ecabdff68bab6652cb741
Component: engine
2014-06-18 15:51:27 -04:00
Tibor Vass
788ab1fd24
add integration test
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: c4c92e66cdb9fa4c141b4fa4872af37037e1bbe2
Component: engine
2014-06-18 15:50:39 -04:00
LK4D4
172faefd3c
Fix go vet errors
...
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: f08cd445b0d2e44a4977a3bd0dca0a1cd4e76d2f
Component: engine
2014-06-18 17:39:57 +00:00
Victor Vieux
13764748a8
add test
...
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
Upstream-commit: 9494643bf1fcd38974266555e59e1b2d2573c418
Component: engine
2014-06-12 19:11:51 +00:00
Michael Crosby
382f8a23ad
Add SYS_CHROOT cap to unprivileged containers
...
Fixes #6103
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 41f7cef2bd186d321fc4489691ba53ab41eb48e5
Component: engine
2014-06-02 18:23:47 -07:00
Timothy Hobbs
52c8a31f21
Refactor device handling code
...
We now have one place that keeps track of (most) devices that are allowed and created within the container. That place is pkg/libcontainer/devices/devices.go
This fixes several inconsistencies between which devices were created in the lxc backend and the native backend. It also fixes inconsistencies between which devices were created and which were allowed. For example, /dev/full was being created but it was not allowed within the cgroup. It also declares the file modes and permissions of the default devices, rather than copying them from the host. This is in line with docker's philosophy of not being host dependent.
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
Upstream-commit: 608702b98064a4dfd70b5ff0bd6fb45d2429f45b
Component: engine
2014-05-30 19:21:29 +00:00
Michael Crosby
46f785b005
Update ip test to parse new output
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 24872379375dd66518f09b8063698c2d1fb08df9
Component: engine
2014-05-23 13:22:01 -07:00
Michael Crosby
7dcc66f3df
Update integration tests with --net flag
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 581e8e891886e6db387ed27aabda7dd8f1d14174
Component: engine
2014-05-23 11:31:01 -07:00
Brandon Philips
519b053861
integration-cli: fix spelling error in test
...
Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
Upstream-commit: 61ac745d7a7dd192948e0c1cfbdff87af7715c92
Component: engine
2014-05-21 15:20:29 -07:00
Alexandr Morozov
823bf4bfec
Check uid ranges
...
Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 72d1e40c4a3b190319cfa5cb44b5e6f1694100fc
Component: engine
2014-05-18 20:49:08 +04:00
Michael Crosby
4926e35bb1
Add cpuset cpus support for docker
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: adbe3096e8c8572925dbae5f19ac2ce2dc84fb1c
Component: engine
2014-05-13 18:17:12 -07:00
Jérôme Petazzoni
7dc5aa24f0
Mount /proc and /sys read-only, except in privileged containers.
...
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.
This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.
Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.
All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.
Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
Upstream-commit: 1c4202a6142d238d41f10deff1f0548f7591350b
Component: engine
2014-05-01 15:26:58 -07:00
Michael Crosby
bf18e83e5d
Merge pull request #5464 from tianon/close-leftover-fds
...
Upstream-commit: e88ef454b7a8705570623e6d26f51731b8300e0f
Component: engine
2014-04-30 12:27:52 -07:00
Tianon Gravi
614fad87b9
Close extraneous file descriptors in containers
...
Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)
Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: d5d62ff95574a48816890d8d6e0785a79f559c3c
Component: engine
2014-04-29 16:45:28 -06:00
Tibor Vass
d6436680b6
Fixes #5152: symlink in volume path
...
Docker-DCO-1.1-Signed-off-by: Tibor Vass <teabee89@gmail.com> (github: tiborvass)
Upstream-commit: e9a42a45bfe296850a72ba6ee5e7c0c04534ea34
Component: engine
2014-04-28 13:18:12 -07:00
Michael Crosby
8bd8490f43
Update create with apparmor import
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 90678b31331de54598c7a6665c3e7a78bfe6ed63
Component: engine
2014-04-24 10:35:20 -07:00
Michael Crosby
20ba5d97da
Do not mount sysfs by default for non privileged containers
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 81e5026a6afb282589704fd5f6bcac9ed50108ea
Component: engine
2014-04-24 10:35:20 -07:00
Michael Crosby
42d84ccd4c
Port privileged tests
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 296fcf331f2886d2aba3cfb929887dfbb603643d
Component: engine
2014-04-18 03:20:17 +00:00
Michael Crosby
a871063b21
Port networking tests
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: caad45d0edd9c1e48eac6e0ae0889039ca6844fc
Component: engine
2014-04-18 03:12:27 +00:00
Michael Crosby
1437557de2
Port environment test
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 47510bd6eb83c43450ba53cb3db13aa340e8226c
Component: engine
2014-04-18 02:53:08 +00:00
Michael Crosby
e3eecbd979
Port user tests and concurrent tests
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: e2ed4b9077a46adbe3e4388166bb41969f7fb425
Component: engine
2014-04-18 02:47:39 +00:00
Michael Crosby
a4830050bf
Port volumes and exit code tests
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 03993eb5340f1d520e23eac3dfe01d604fe7297f
Component: engine
2014-04-18 02:34:10 +00:00
Michael Crosby
fa56c6f0d6
Add test verify container ID
...
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 76a19bb3a95ef788cd889b36b0af3b79327ff431
Component: engine
2014-04-18 01:58:20 +00:00