Commit Graph

9 Commits

Author SHA1 Message Date
Dan Walsh 4c53074e23 Mount /dev/mqueue by default
Need this for supporting Posix Message Queues

man mq_overview

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-28 19:35:35 -04:00
Alejandro Ojeda b7b7524f5f modified devices: filter /dev/console out of...
Applied crosbymichael's suggested changes

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 20:04:20 +02:00
Alejandro Ojeda 863a486d81 devices: filter /dev/console out of the node list
Fixed getDeviceNodes() so it won't add /dev/console to the device node
list.

This fixes an issue where containers wouldn't start if
/dev/console is a pts (which is the case when running docker inside
docker), because devpts inodes are special and cannot be created with
mknod: attempting to open the result of doing so will return EIO.

Since later libcontainer would attempt to open the file to mount --bind
over it and fail because of the EIO error, the container wouldn't start
if the /dev/console was a pts, which is the case inside a docker
that was started from a pts.

getDeviceNodes() already filters pts so this change is consistent
with the current behavior.

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 03:21:29 +02:00
Steve Powell 67e4c76c16 Inject errors into ioutil.ReadDir calls from devices.go
Added ioutilReadDir variable and test following the pattern
established by osLstat.

Signed-off-by: Steve Powell <spowell@pivotal.io>
2014-09-04 17:00:09 -07:00
Steve Powell 28e964bac6 Inject errors into os.Lstat call from devices.go
Since the caller of os.Lstat in devices.go is a function (not a method),
we use a variable to allow os.Lstat to be substituted during testing.

In this case the variable osLstat is private to the devices package to
prevent abuse. So the testcase needs to reside in the same package.

This commit includes a simple test of GetDevices() using osLstat to
simulate an error being returned from os.Lstat. In this case, the
behaviour of GetDevices() in the error case is trivial, but this may
change.

This is just the beginning of error injection. In future, it may be
necessary to pull out repetitive code sequences into a common file.

Signed-off-by: Steve Powell <spowell@pivotal.io>
2014-09-04 16:34:51 -07:00
Michael Crosby 55f3560c3e Get UID and GID for device nodes
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-09-01 17:29:50 -07:00
Michael Crosby bbb502c8db Use lstat to check device symlinks
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 14:51:02 -07:00
Michael Crosby c2a80eb59f Ensure all dev nodes are copied for privileged
This also makes sure that devices are pointers to avoid copies
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-05-30 18:39:11 -07:00
Timothy Hobbs 18f6a5aaf4 Refactor device handling code
We now have one place that keeps track of (most) devices that are allowed and created within the container.  That place is pkg/libcontainer/devices/devices.go

This fixes several inconsistencies between which devices were created in the lxc backend and the native backend.  It also fixes inconsistencies between wich devices were created and which were allowed.  For example, /dev/full was being created but it was not allowed within the cgroup.  It also declares the file modes and permissions of the default devices, rather than copying them from the host.  This is in line with docker's philosphy of not being host dependent.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
2014-05-30 19:21:29 +00:00