Commit Graph

313 Commits

Author SHA1 Message Date
Michael Crosby 874953d781 Ignore isnotexist errors for restrict paths
Handle the error when remounting certain files and paths as readonly if
they do not exist.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-16 12:32:15 -07:00
Victor Marmol 4145356abe Merge pull request #21 from mrunalp/use_path_max
Use PATH_MAX as buffer size for buffers containing paths.
2014-06-16 11:06:28 -07:00
Mrunal Patel 014bb3f18f Use PATH_MAX as buffer size for buffers containing paths.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-06-16 10:48:25 -07:00
Victor Marmol 3b5ae6c352 Merge pull request #15 from alexlarsson/mount-cgroup-in-container
Mount cgroup in container
2014-06-16 08:57:59 -07:00
Alexander Larsson b441dfa729 Mount cgroups in the container
We make a tmpfs on /sys/fs/cgroups, and here we mount read-only
versions of all the host cgroups. Additionally we make symlinks
for all merged subsystems.

For any "named" cgroup, such as "name=systemd" we also mount the
subset of the cgroup where the container lives as read-write. This
means that the container can create sub-cgroups inside the container
and move tasks into those, but it can never escape from its current
position in the cgroup hierarchy.

In particular, this allows systemd to mostly work in a non-privileged
container. The only problem currently is that PrivateTmp=true fails
because systemd is not allowed to mount a new /tmp.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:23 +02:00
Alexander Larsson e0e0da9e28 pkg/cgroups Add GetCgroupMounts() and GetAllSubsystems()
This lists all currently mounted cgroups and all supported cgroup
subsystems on the machine.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
2014-06-16 17:16:10 +02:00
Victor Marmol 124aba2f15 Merge pull request #20 from vbatts/vbatts-cleanup_setns
nsenter: fixing the cpp order
2014-06-13 11:19:07 -07:00
Vincent Batts d7cbde80a1 nsenter: fixing the cpp order
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-13 13:09:13 -04:00
Victor Marmol 82a1592e88 Merge pull request #10 from glyn/hack
Initial hacker documentation
2014-06-13 09:49:15 -07:00
Victor Marmol c59b670720 Merge pull request #14 from tianon/travis
Add Travis
2014-06-13 08:59:16 -07:00
Glyn Normington e3a8e4e73e Change how to become a maintainer
These changes were suggested by @vmarmol.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 988950a4dc Add placeholder for dev env setup
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington e39a0f1eac Correct links to libcontainer issues
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington f363dd3830 Clarify roadmap
Remove lxc and aufs dependencies and priority of running on older kernels.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 976a57b02e Add section on testing
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:06:05 +01:00
Glyn Normington 74409a5de5 Merge approval criteria
This is based on feedback from @rjnagal.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 12:05:59 +01:00
Glyn Normington f589d42e81 Remove reference to non-existent script
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 97a3a7109a Avoid implying Michael wrote the Maintainers' Guide
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 1c81b532f2 Aspiring maintainers must be aware of the election process
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:25:57 +01:00
Glyn Normington 6087476b48 Grammatical improvements
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington 3ce18ef0b3 Move hack directory contents to top level
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington 5e3312f358 Remove reference to AUTHORS file
Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:29 +01:00
Glyn Normington b49464f6c6 Initial hacker documentation
This was such a good resource in Docker that it would be a shame to
lose it. Unfortunately, we can't just link to the corresponding
information in the Docker project as a number of aspects are bound to
be different here.

Docker-DCO-1.1-Signed-off-by: Glyn Normington <gnormington@gopivotal.com> (github: glyn)
2014-06-13 11:14:28 +01:00
Tianon Gravi 6980a6e2fd Add Tianon as the .travis.yml maintainer
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-12 13:01:30 -06:00
Tianon Gravi 91b5dbe867 Update .travis.yml to invoke Docker's scripts directly
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
2014-06-12 13:00:04 -06:00
Victor Marmol dae62af4d2 Merge pull request #12 from vbatts/vbatts-fix_setns_rhel6
nsenter: fix setns() for rhel6 (glibc-2.12)
2014-06-12 11:44:52 -07:00
Victor Marmol a30b789e07 Merge pull request #11 from timthelion/patch-1
Grammar in README
2014-06-12 11:44:03 -07:00
Victor Marmol 4fe4e5c298 Merge pull request #8 from LK4D4/fix_vet_errors
Fix vet errors
2014-06-12 11:43:39 -07:00
Victor Marmol 7fffa34066 Merge pull request #5 from crosbymichael/build-flag
Add build flag for nsenter file
2014-06-12 11:42:59 -07:00
Michael Crosby f00e7f96db Add travis.yml file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-12 10:42:31 -07:00
Vincent Batts c43dd7b50d nsenter: fix setns() for rhel6 (glibc-2.12)
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
2014-06-12 13:25:52 -04:00
Timothy Hobbs eb396d3136 Grammar in README 2014-06-12 16:07:31 +00:00
LK4D4 0c2c75b12a Fix vet errors
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
2014-06-12 09:52:31 +04:00
Michael Crosby 1a01d3be50 Add build flag for nsenter file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-11 11:40:33 -07:00
Michael Crosby 8f74c29bc5 Merge pull request #3 from crosbymichael/update-maintainer-email
Update email address in maintainer file
2014-06-11 11:08:02 -07:00
Michael Crosby 588a4d31ab Update email address in maintainer file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
2014-06-10 21:17:28 -07:00
Michael Crosby bfcd86f32d Remove todo in favor of github issues 2014-06-10 08:22:54 -07:00
Michael Crosby 10597cb9c5 Update maintainers file 2014-06-10 08:21:46 -07:00
Michael Crosby 6ab3ef56f4 Update imports for new repository path 2014-06-10 08:14:16 -07:00
Solomon Hykes c1bcd3829b Add licensing information
Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-06-09 16:16:58 -07:00
Michael Crosby bd92fe8a70 Gofmt imports
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 16:01:57 -07:00
Michael Crosby 3b1acc34fb Move libcontainer deps into libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-09 15:52:12 -07:00
Michael Crosby 2d538dc80d Update for nsenter
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:31:16 -07:00
Michael Crosby 4e51c8b41f Update nsinit to be nicer to work with and test
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-05 14:13:02 -07:00
Michael Crosby 2b0cb56eb9 Exclude the user namespace for setns
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 18:03:17 -07:00
Michael Crosby 3e6f4b3d0b Move env load to nsenter
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 17:54:00 -07:00
Victor Marmol 944b4434a6 Adding initial version of C-based nsenter for allowing execin in
libcontainer.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
2014-06-05 00:44:13 +00:00
Michael Crosby ed7f4a0f6d Rename nsinit package to namespaces in libcontainer
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
2014-06-04 15:47:57 -07:00
Michael Crosby eec4c0b965 Merge pull request #6198 from vishh/stats2
Add more stats to libcontainer.
2014-06-04 15:28:19 -07:00
Vishnu Kannan 7b4689667b Add stats for memory allocation failure count and instantaneous cpu usage in the usermode and kernelmode.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-06-04 21:20:21 +00:00