This patch adds an os/user-like user lookup API, implemented in pure Go.
It also has some features not present in the standard library
implementation (such as group lookups).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This patch refactors most of GetUserGroupSupplementaryHome and its
signature, to make using it much simpler. The private parsing ftunctions
have also been exposed (parsePasswdFile, parseGroupFile) to allow custom
data source to be used (increasing the versatility of the user/ tools).
In addition, file path wrappers around the formerly private API
functions have been added to make usage of the API for callers easier if
the files that are being parsed are on the filesystem (while the
io.Reader APIs are exposed for non-traditional usecases).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
This removes the entire syncpipe package and replaces it with standard
operations on the pipes. The syncpipe type just never felt right and
probably should not have been there.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Update Drone commands to match the bits of the Travis config we need
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This is to support being able to DNAT/MASQ traffic from a container back into itself (dotcloud/docker#4442)
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
We need the ability when using --ipc container:ID to match the SELinux label of the
container that the new container is sharing a label with.
Also add the ability to get the option to disable SELinux labeling for a container.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch allows us to mimic the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Fixed getDeviceNodes() so it won't add /dev/console to the device node
list.
This fixes an issue where containers wouldn't start if
/dev/console is a pts (which is the case when running docker inside
docker), because devpts inodes are special and cannot be created with
mknod: attempting to open the result of doing so will return EIO.
Since later libcontainer would attempt to open the file to mount --bind
over it and fail because of the EIO error, the container wouldn't start
if the /dev/console was a pts, which is the case inside a docker
that was started from a pts.
getDeviceNodes() already filters pts so this change is consistent
with the current behavior.
Signed-off-by: Alejandro Ojeda <alex@x3y.org>
Currently github.com/docker/libcontainer/cgroups/fs.GetStats does not provide the following metrics:
blkio.io_wait_time, blkio.io_service_time, blkio.io_merged, and blkio.time.
This commits add these four metrics. The descriptions of the metrics are here: https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt.
It also modifies blkio_test and stats_util_test to ensure that the metrics are parsed.
Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
Mrunal Patel
Michael Crosby
Aleksa Sarai
Mrunal Patel
Albert Zhang
Michael Crosby
Alexandr Morozov
Tianon Gravi
Patrick Hemmer
unclejack
Dan Walsh
Victor Marmol
Luca Favatella
Harshavardhana
Alejandro Ojeda
Yohei Ueda
Dave Tucker
Abin Shahab