Commit Graph

852 Commits

Author SHA1 Message Date
Tianon Gravi eb0bc72222 Fix GOPATH after Drone mucks with it
Signed-off-by: Andrew Page <admwiggin@gmail.com>
2014-11-05 15:29:55 -07:00
Michael Crosby 1485c08fa8 Add drone.yml file
Update Drone commands to match the bits of the Travis config we need

Signed-off-by: Andrew Page <admwiggin@gmail.com>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-11-05 22:29:41 +00:00
Albert Zhang 4291a5443d Sample configuration for ip routing Source Address Selection
Docker-DCO-1.1-Signed-off-by: Albert Zhang <zhgwenming@gmail.com> (github: zhgwenming)
2014-11-05 14:35:41 +08:00
Patrick Hemmer 2d4a713602 enable hairpin mode on virtual interface bridge port
This is to support being able to DNAT/MASQ traffic from a container back into itself (dotcloud/docker#4442)

Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
2014-11-03 23:11:37 -05:00
Mrunal Patel ddb4f8a12f Merge pull request #251 from unclejack/fix_go1.4_syscalls
use system.Set{u,g}id to fix Set{u,g}id on Go 1.4
2014-11-03 12:39:49 -08:00
unclejack 59584e5ba1 use system.Set{u,g}id to fix Set{u,g}id on Go 1.4
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
2014-11-03 21:50:36 +02:00
Albert Zhang 7caee2a772 Use RTA_PREFSRC instead of RTA_SRC to make AddRoute() works with a provided source ip address.
Docker-DCO-1.1-Signed-off-by: Albert Zhang <zhgwenming@gmail.com> (github: zhgwenming)
2014-11-01 19:47:09 +08:00
Mrunal Patel d3eb885553 Merge pull request #247 from rhatdan/selinux
Add new interfaces for label/selinux
2014-10-29 13:48:49 -07:00
Dan Walsh 50922caec2 Add new interfaces for label/selinux
We need the ability when using --ipc container:ID to match the SELinux label of the
container that the new container is sharing a label with.

Also add the ability to get the option to disable SELinux labeling for a container.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-29 16:39:14 -04:00
Victor Marmol e481f88267 Merge pull request #246 from rhatdan/mqueue
Mount /dev/mqueue by default
2014-10-28 16:53:29 -07:00
Dan Walsh 4c53074e23 Mount /dev/mqueue by default
Need this for supporting Posix Message Queues

man mq_overview

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-28 19:35:35 -04:00
Michael Crosby f60d7b9195 Merge pull request #245 from crosbymichael/share-ipc
Allow IPC namespace to be shared between containers or with the host
2014-10-28 15:17:07 -07:00
Michael Crosby ad9b433e6c Add test for ipc private and shared path
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-28 22:13:05 +00:00
Michael Crosby 85f3df2539 Add test for IPC host sharing
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-28 22:00:28 +00:00
Michael Crosby efd5f0a7e1 Merge branch 'unreserve' of https://github.com/rhatdan/libcontainer into rhatdan-unreserve 2014-10-28 21:44:55 +00:00
Michael Crosby fe3801ccd2 Merge pull request #244 from vmarmol/net-stats
Only fetch network stats we use.
2014-10-27 21:12:11 -07:00
Michael Crosby c9d5aaa5d5 Merge pull request #243 from ashahab-altiscale/242-additional-blkio-stats
ADDITIONAL CGROUPS BLKIO STATS
2014-10-27 17:18:00 -07:00
Victor Marmol 26bda36e5d Only fetch network stats we use.
The dynamic version using WalkPath() was expensive and we only used some
of the stats anyways.

Signed-off-by: Victor Marmol <vmarmol@google.com>
2014-10-27 17:09:36 -07:00
Mrunal Patel cda71a5a61 Merge pull request #238 from lucafavatella/contributing
Fix link re contributing in README
2014-10-26 13:34:44 -07:00
Luca Favatella 9c659a36a5 Fix link re contributing in README following renaming in 9b10e7f 2014-10-25 13:19:21 +01:00
Dan Walsh b6a9bdb38f Allow IPC namespace to be shared between containers or with the host
Some workloads rely on IPC for communications with other processes.  We
would like to split workloads between two container but still allow them
to communicate though shared IPC.

This patch allows us to mimic the --net code to allow --ipc=host to not split off
the IPC Namespace.  ipc=container:CONTAINERID to share ipc between containers

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-25 06:16:20 -04:00
Michael Crosby 60471bdc7d Merge pull request #236 from harshavardhana/undefined
ErrNotSupportedPlatform is undefined define it
2014-10-24 11:40:36 -07:00
Harshavardhana 768ae3990c ErrNotSupportedPlatform is undefined define it
Signed-off-by: Harshavardhana <fharshav@redhat.com>
2014-10-24 11:36:30 -07:00
Mrunal Patel ac73007335 Merge pull request #235 from alexoj/master
devices: filter /dev/console out of the node list
2014-10-24 11:20:41 -07:00
Alejandro Ojeda b7b7524f5f modified devices: filter /dev/console out of...
Applied crosbymichael's suggested changes

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 20:04:20 +02:00
Alejandro Ojeda 863a486d81 devices: filter /dev/console out of the node list
Fixed getDeviceNodes() so it won't add /dev/console to the device node
list.

This fixes an issue where containers wouldn't start if
/dev/console is a pts (which is the case when running docker inside
docker), because devpts inodes are special and cannot be created with
mknod: attempting to open the result of doing so will return EIO.

Since later libcontainer would attempt to open the file to mount --bind
over it and fail because of the EIO error, the container wouldn't start
if the /dev/console was a pts, which is the case inside a docker
that was started from a pts.

getDeviceNodes() already filters pts so this change is consistent
with the current behavior.

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 03:21:29 +02:00
Victor Marmol aab3f6d17f Merge pull request #234 from mrunalp/move_contributors_file
Rename the file as per github convention.
2014-10-22 14:53:13 -07:00
Mrunal Patel 9b10e7fadf Rename the file as per github convention.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-10-22 17:39:52 -04:00
Victor Marmol 4bce466f68 Merge pull request #231 from yoheiueda/fix-ioctl-endian-issue
Fix an endian bug for the ioctl argument
2014-10-22 11:14:35 -07:00
Yohei Ueda 92fc5f1b27 Fix an endian bug for the ioctl argument
Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
2014-10-23 07:06:09 +09:00
Mrunal Patel 3326e43966 Merge pull request #229 from dave-tucker/dev_enviroment
Add development environment instructions
2014-10-22 09:53:28 -07:00
Dave Tucker 6aac245e74 Add development environment instructions
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2014-10-22 13:03:25 +01:00
Abin Shahab b9c834b7aa ADDITIONAL CGROUPS BLKIO STATS
Currently github.com/docker/libcontainer/cgroups/fs.GetStats does not provide the following metrics:
blkio.io_wait_time, blkio.io_service_time, blkio.io_merged, and blkio.time.

This commits add these four metrics. The descriptions of the metrics are here: https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt.

It also modifies blkio_test and stats_util_test to ensure that the metrics are parsed.

Docker-DCO-1.1-Signed-off-by: Abin Shahab <ashahab@altiscale.com> (github: ashahab-altiscale)
2014-10-21 06:28:08 +00:00
Michael Crosby bed80e314f Merge pull request #228 from mrunalp/support_removed_syscalls
Adds support for Setuid/Setgid calls that has been removed from go 1.4
2014-10-20 14:14:49 -07:00
Mrunal Patel 7d268af0be Adds support for Setuid/Setgid calls that has been removed from
go HEAD and won't be available in go 1.4.

Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-10-20 15:20:08 -04:00
Mrunal Patel c907e406fe Merge pull request #226 from crosbymichael/add-tests
Add integration test framework
2014-10-17 16:31:25 -07:00
Michael Crosby 3f2333b667 Add integration test pkg
This integration pkg adds a framework for writing integration tests
aginst the libcontainer APIs

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-17 23:25:30 +00:00
Michael Crosby 43145ecf1b Move the download of docker to top of dockerfile
We need to do this because it's a big dep.  While we remove this
recursive dep this is the best that we can do right now.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-17 00:00:16 +00:00
Victor Marmol 0f49d1f254 Merge pull request #209 from imain/publicjoin
Make joinDevices public.
2014-10-16 14:51:18 +02:00
Mrunal Patel 55f555495d Merge pull request #221 from mrunalp/txq
Adds a tx_queuelen setting for veth in the network configuration
2014-10-15 16:07:28 -07:00
Michael Crosby 122573a738 Merge pull request #219 from harshavardhana/xattr_build
xattr: Disallow build on non linux platforms
2014-10-15 15:39:56 -07:00
Ian Main d67a27ee13 Create an ApplyDevices call.
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices.  This works for
both systemd and fs based cgroups implementations.

Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
2014-10-15 11:59:26 -07:00
Harshavardhana e3d305c1ef xattr: Disallow build on non linux platforms
Signed-off-by: Harshavardhana <fharshav@redhat.com>
2014-10-15 01:06:47 -07:00
Michael Crosby 8d1d0ba38a Merge pull request #224 from crosbymichael/set-apparmor-execin
Set apparmor profile in execin
2014-10-13 23:23:12 -07:00
Michael Crosby cb6ba4dbfb Set apparmor profile in execin
The set of the apparmor profile for the setns codepath was missing.
Selinux was being called but apparmor was forgotten.  This was causing
no profiles to be applied to the extra process spawn inside an existing
container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-14 05:53:44 +00:00
Michael Crosby 4f409628d8 Merge pull request #222 from rhatdan/exec
Do not check if SELinux is enabled on lowlevel calls to set processlabel
2014-10-13 12:52:01 -07:00
Dan Walsh 7f60c92d65 Do not check if SELinux is enabled on lowlevel calls to set processlabel
docker exec changes the mount namespace which fools selinux bindings
into thinking SELinux is disabled.  Bindings should just check if
a label is passed in and attempt to use it.  Docker will not call these
functions with a label if SELinux is disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-11 06:04:52 -04:00
Ye Yin 4ca4048d98 Adds a tx_queuelen setting for veth in the network configuration and defaults it to 0.
Signed-off-by: Ye Yin <hustcat@gmail.com>
2014-10-10 13:29:46 -04:00
Victor Marmol f4254672e6 Merge pull request #216 from cbosdo/master
cgroups: Export ParseCgroupFile
2014-10-08 10:51:49 +02:00
Alexander Larsson 06949e779f pkg/cgroups: Export ParseCgroupFile
This is needed for the libvirt exec driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-10-07 15:55:58 +02:00