docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-22 03:22:01 +03:00
Code Activity
8,666 Commits 12 Branches 297 Tags
d0dbff4e5f3cd03741f2fe7377b0fd174cbe9a39
Commit Graph

19 Commits

Author SHA1 Message Date
Michael Crosby
41f42a620b Improve libcontainer namespace and cap format 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: db5f6b4aa0b34adbc9ba189a042e77e7bcdee681
Component: engine
 2014-05-05 12:34:21 -07:00
Michael Crosby
c0992a66d2 Fix execin with environment and Enabled support 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: aa9705f832d847d6e6ce76e19f3c952c194c167e
Component: engine
 2014-04-30 18:24:47 -07:00
Michael Crosby
8cf0bc757c Remove command factory and NsInit interface from libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 176c49d7a9e5a81b6c80e18dea84864148360597
Component: engine
 2014-04-30 17:55:15 -07:00
Michael Crosby
3b07a6b498 Export more functions from libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b6b0dfdba7bda13d630217830423580c3152899d
Component: engine
 2014-04-30 17:18:07 -07:00
Michael Crosby
26fc4488a8 Remove logger from nsinit struct 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 162dafbcd5c4d57c7f436e11d90423ee6d7c3ce1
Component: engine
 2014-04-30 15:24:18 -07:00
Michael Crosby
0099e7d236 Refactor mounts into pkg to make changes easier 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 05b611574f85c7ff7d479e04e01ac2b57b233591
Component: engine
 2014-04-24 10:35:20 -07:00
Dan Walsh
f757666ccd This patch adds SELinux labeling support. 
docker will run the process(es) within the container with an SELinux label and will label
all of  the content within the container with mount label.  Any temporary file systems
created within the container need to be mounted with the same mount label.

The user can override the process label by specifying

-Z With a string of space separated options.

-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"

Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"

By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.

The process mcs level is based of the PID of the docker process that is creating the container.

If you run the container in --priv mode, the labeling will be disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 4c4356692580afb3971094e322aea64abe0e2500
Component: engine
 2014-03-26 15:30:40 -04:00
Michael Crosby
2d58b8bf60 Only unshare the mount namespace for execin 
Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 4b1513f9c394fbfdf21998db4318251b4e8b6bc0
Component: engine
 2014-03-17 18:52:56 -07:00
Michael Crosby
3f944b4fd6 Add initial logging to libcontainer 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 7294392c729de4c5884eb967f192b34a1d8857a7
Component: engine
 2014-03-14 09:55:05 -07:00
Michael Crosby
e09257e20a Factor out finalize namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 5465fdf00f3ece165cbd3bb680dcc571e81510dd
Component: engine
 2014-03-03 12:15:47 -08:00
Michael Crosby
9248431c6a Fix cross compile for make cross 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 93ed15075c43d521f05f4b8f96264efb7fe174e4
Component: engine
 2014-02-25 15:19:13 -08:00
Michael Crosby
0cd1a2f6a4 Move container.json and pid file into a root specific driver dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 96e33a7646b3669632f48ed1071aeb61b8016be1
Component: engine
 2014-02-25 12:41:31 -08:00
Guillaume J. Charmes
a70a6bdd53 Better capability/namespace management 
Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
Upstream-commit: 91bf120c51dec3bae98a1974929e2ae8107340c0
Component: engine
 2014-02-24 21:52:29 -08:00
Michael Crosby
0460b2181f Refactor and improve libcontainer and driver 
Remove logging for now because it is complicating things
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f8453cd0499a51f5d3ffd2c2a6012972aef7f69f
Component: engine
 2014-02-24 21:11:52 -08:00
Michael Crosby
3dcdf3e0d6 Improve logging for nsinit 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 9cb4573d33607bc32e7db19981b3e9d5eaf449a0
Component: engine
 2014-02-24 18:38:36 -08:00
Michael Crosby
3ec79ee252 Make nsinit a proper go pkg and add the main in another dir 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 1316007e54e0c5a25f0d67675df7dec40286f5e8
Component: engine
 2014-02-21 14:56:17 -08:00
Michael Crosby
4441df6975 Add comments to many functions 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 70593be139647cdedca0130250626ea6e0b8a277
Component: engine
 2014-02-21 14:56:16 -08:00
Michael Crosby
e501c61ed3 Refactor to remove cmd from container 
Pass the container's command via args
Remove execin function and just look for an
existing nspid file to join the namespace
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: d84feb8fe5e40838c81321249189f1f0a02825bb
Component: engine
 2014-02-21 14:56:16 -08:00
Michael Crosby
eba71238f8 Add execin function to running a process in a namespace 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 420b5eb211f877baac9622e7bedde2948c043619
Component: engine
 2014-02-21 14:56:16 -08:00