Abin Shahab
fdf7457683
LXC CAP ADD CAP DROP IN TEMPLATE
Added cap-drop and cap-add in lxc template
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
2014-12-05 23:08:22 +00:00
unclejack
acd64278f1
pkg/reexec: move reexec code to a new package
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-10-30 14:48:30 +02:00
Michael Crosby
7321067176
Use argv0 as reexec implementation for dockerinit
This changes the way the exec drivers work by not specifying a -driver
flag on reexec. For each of the exec drivers they register their own
functions that will be matched against the argv 0 on exec and called if
they match.
This also allows any functionality to be added to docker so that the
binary can be reexec'd and any type of function can be called. I moved
the flag parsing on docker exec to the specific initializers so that the
implementations do not bleed into one another. This also allows for
more flexibility within reexec initializers to specify their own flags
and options.
Signed-off-by: Michael Crosby <michael@docker.com>
2014-08-11 11:47:21 -07:00
Victor Vieux
5a0ef08c94
gofmt -s -w
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 22:25:29 +00:00
Victor Vieux
b3ee9ac74e
update go import path and libcontainer
Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
2014-07-24 22:19:50 +00:00
Michael Crosby
d31ae5aed8
Use libcontainer cap drop method
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-19 16:00:53 -04:00
Dinesh Subhraveti
cf331cdd6a
Maintain a whitelist of capabilities rather than droplist
This fixes 6/18 vulnerability
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
2014-06-19 03:34:04 -04:00
Michael Crosby
8194556337
Update libcontainer imports
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-10 19:58:15 -07:00
Michael Crosby
6158ccad97
Move libcontainer deps into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
William Thurston
bf7f360dca
Fixes #5749
libcontainer support for arbitrary route table entries
Docker-DCO-1.1-Signed-off-by: William Thurston <me@williamthurston.com> (github: jhspaybar)
2014-05-28 17:42:02 +00:00
Michael Crosby
a785882b29
Setup host networking for lxc and native
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-05 10:08:59 -07:00
Eiichi Tsukata
cac0cea03f
drop CAP_SYSLOG capability
Kernel capabilities for privileged syslog operations are currently split into
CAP_SYS_ADMIN and CAP_SYSLOG since the following commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6ada35bdf710d16582cc4869c26722547e6f11
This patch drops CAP_SYSLOG to prevent containers from messing with
host's syslog (e.g. `dmesg -c` clears up host's printk ring buffer).
Closes #5491
Docker-DCO-1.1-Signed-off-by: Eiichi Tsukata <devel@etsukata.com> (github: Etsukata)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-01 11:43:55 -07:00
Alexander Larsson
359b7df5d2
Rename runtime/* to daemon/*
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-04-17 14:43:01 -07:00