Update Drone commands to match the bits of the Travis config we need
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This is to support being able to DNAT/MASQ traffic from a container back into itself (dotcloud/docker#4442)
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
We need the ability when using --ipc container:ID to match the SELinux label of the
container that the new container is sharing a label with.
Also add the ability to get the option to disable SELinux labeling for a container.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch allows us to mimic the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Fixed getDeviceNodes() so it won't add /dev/console to the device node
list.
This fixes an issue where containers wouldn't start if
/dev/console is a pts (which is the case when running docker inside
docker), because devpts inodes are special and cannot be created with
mknod: attempting to open the result of doing so will return EIO.
Since later libcontainer would attempt to open the file to mount --bind
over it and fail because of the EIO error, the container wouldn't start
if the /dev/console was a pts, which is the case inside a docker
that was started from a pts.
getDeviceNodes() already filters pts so this change is consistent
with the current behavior.
Signed-off-by: Alejandro Ojeda <alex@x3y.org>
Currently github.com/docker/libcontainer/cgroups/fs.GetStats does not provide the following metrics:
blkio.io_wait_time, blkio.io_service_time, blkio.io_merged, and blkio.time.
This commits add these four metrics. The descriptions of the metrics are here: https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt.
It also modifies blkio_test and stats_util_test to ensure that the metrics are parsed.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
This integration pkg adds a framework for writing integration tests
aginst the libcontainer APIs
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We need to do this because it's a big dep. While we remove this
recursive dep this is the best that we can do right now.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices. This works for
both systemd and fs based cgroups implementations.
Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
The set of the apparmor profile for the setns codepath was missing.
Selinux was being called but apparmor was forgotten. This was causing
no profiles to be applied to the extra process spawn inside an existing
container.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
docker exec changes the mount namespace which fools selinux bindings
into thinking SELinux is disabled. Bindings should just check if
a label is passed in and attempt to use it. Docker will not call these
functions with a label if SELinux is disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This is needed for the libvirt exec driver.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
Tianon Gravi
Michael Crosby
Albert Zhang
Patrick Hemmer
Mrunal Patel
unclejack
Dan Walsh
Victor Marmol
Michael Crosby
Luca Favatella
Harshavardhana
Alejandro Ojeda
Mrunal Patel
Yohei Ueda
Dave Tucker
Abin Shahab
Ian Main
Ye Yin
Alexander Larsson