Commit Graph

677 Commits

Author SHA1 Message Date
Alejandro Ojeda b7b7524f5f modified devices: filter /dev/console out of...
Applied crosbymichael's suggested changes

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 20:04:20 +02:00
Alejandro Ojeda 863a486d81 devices: filter /dev/console out of the node list
Fixed getDeviceNodes() so it won't add /dev/console to the device node
list.

This fixes an issue where containers wouldn't start if
/dev/console is a pts (which is the case when running docker inside
docker), because devpts inodes are special and cannot be created with
mknod: attempting to open the result of doing so will return EIO.

Since later libcontainer would attempt to open the file to mount --bind
over it and fail because of the EIO error, the container wouldn't start
if the /dev/console was a pts, which is the case inside a docker
that was started from a pts.

getDeviceNodes() already filters pts so this change is consistent
with the current behavior.

Signed-off-by: Alejandro Ojeda <alex@x3y.org>
2014-10-24 03:21:29 +02:00
Victor Marmol aab3f6d17f Merge pull request #234 from mrunalp/move_contributors_file
Rename the file as per github convention.
2014-10-22 14:53:13 -07:00
Mrunal Patel 9b10e7fadf Rename the file as per github convention.
Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-10-22 17:39:52 -04:00
Victor Marmol 4bce466f68 Merge pull request #231 from yoheiueda/fix-ioctl-endian-issue
Fix an endian bug for the ioctl argument
2014-10-22 11:14:35 -07:00
Yohei Ueda 92fc5f1b27 Fix an endian bug for the ioctl argument
Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
2014-10-23 07:06:09 +09:00
Mrunal Patel 3326e43966 Merge pull request #229 from dave-tucker/dev_enviroment
Add development environment instructions
2014-10-22 09:53:28 -07:00
Dave Tucker 6aac245e74 Add development environment instructions
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2014-10-22 13:03:25 +01:00
Michael Crosby bed80e314f Merge pull request #228 from mrunalp/support_removed_syscalls
Adds support for Setuid/Setgid calls that has been removed from go 1.4
2014-10-20 14:14:49 -07:00
Mrunal Patel 7d268af0be Adds support for Setuid/Setgid calls that has been removed from
go HEAD and won't be available in go 1.4.

Docker-DCO-1.1-Signed-off-by: Mrunal Patel <mrunalp@gmail.com> (github: mrunalp)
2014-10-20 15:20:08 -04:00
Mrunal Patel c907e406fe Merge pull request #226 from crosbymichael/add-tests
Add integration test framework
2014-10-17 16:31:25 -07:00
Michael Crosby 3f2333b667 Add integration test pkg
This integration pkg adds a framework for writing integration tests
aginst the libcontainer APIs

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-17 23:25:30 +00:00
Michael Crosby 43145ecf1b Move the download of docker to top of dockerfile
We need to do this because it's a big dep.  While we remove this
recursive dep this is the best that we can do right now.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-17 00:00:16 +00:00
Victor Marmol 0f49d1f254 Merge pull request #209 from imain/publicjoin
Make joinDevices public.
2014-10-16 14:51:18 +02:00
Mrunal Patel 55f555495d Merge pull request #221 from mrunalp/txq
Adds a tx_queuelen setting for veth in the network configuration
2014-10-15 16:07:28 -07:00
Michael Crosby 122573a738 Merge pull request #219 from harshavardhana/xattr_build
xattr: Disallow build on non linux platforms
2014-10-15 15:39:56 -07:00
Ian Main d67a27ee13 Create an ApplyDevices call.
For our work on adding dynamic device support to Docker we needed to be
able to call this to update the list of allowed devices.  This works for
both systemd and fs based cgroups implementations.

Co-Authored-By: Chris Alfonso <calfonso@redhat.com> (github: calfonso)
Docker-DCO-1.1-Signed-off-by: Ian Main <imain@redhat.com> (github: imain)
2014-10-15 11:59:26 -07:00
Harshavardhana e3d305c1ef xattr: Disallow build on non linux platforms
Signed-off-by: Harshavardhana <fharshav@redhat.com>
2014-10-15 01:06:47 -07:00
Michael Crosby 8d1d0ba38a Merge pull request #224 from crosbymichael/set-apparmor-execin
Set apparmor profile in execin
2014-10-13 23:23:12 -07:00
Michael Crosby cb6ba4dbfb Set apparmor profile in execin
The set of the apparmor profile for the setns codepath was missing.
Selinux was being called but apparmor was forgotten.  This was causing
no profiles to be applied to the extra process spawn inside an existing
container.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-14 05:53:44 +00:00
Michael Crosby 4f409628d8 Merge pull request #222 from rhatdan/exec
Do not check if SELinux is enabled on lowlevel calls to set processlabel
2014-10-13 12:52:01 -07:00
Dan Walsh 7f60c92d65 Do not check if SELinux is enabled on lowlevel calls to set processlabel
docker exec changes the mount namespace which fools selinux bindings
into thinking SELinux is disabled.  Bindings should just check if
a label is passed in and attempt to use it.  Docker will not call these
functions with a label if SELinux is disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-11 06:04:52 -04:00
Ye Yin 4ca4048d98 Adds a tx_queuelen setting for veth in the network configuration and defaults it to 0.
Signed-off-by: Ye Yin <hustcat@gmail.com>
2014-10-10 13:29:46 -04:00
Victor Marmol f4254672e6 Merge pull request #216 from cbosdo/master
cgroups: Export ParseCgroupFile
2014-10-08 10:51:49 +02:00
Alexander Larsson 06949e779f pkg/cgroups: Export ParseCgroupFile
This is needed for the libvirt exec driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-10-07 15:55:58 +02:00
Michael Crosby 2dce757d21 Merge pull request #213 from tianon/crosbymichael_test.go
Fix "go install -v . ./.git/logs/refs/heads ./.git/refs/heads ..."
2014-10-03 11:06:24 -07:00
Tianon Gravi 49da8a49fa Fix "go install -v . ./.git/logs/refs/heads ./.git/refs/heads ..."
This happens when you name a git object (branch, tag, etc) `something_test.go`.

Signed-off-by: Andrew Page <admwiggin@gmail.com>
2014-10-02 16:19:56 -06:00
Victor Marmol b3570267c7 Merge pull request #212 from crosbymichael/veth-naming
Add more entropy to veth pair creation
2014-10-02 15:11:47 -07:00
Michael Crosby b9d08491f6 Add loop for veth pair creation on ErrInterfaceExists
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-02 22:03:25 +00:00
Michael Crosby 255989b835 Introduce more entropy in veth name generation
The current 4 chars are not enough, bumped to 7

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-10-02 21:56:48 +00:00
Mrunal Patel 12845ae8aa Merge pull request #202 from harshavardhana/xattr_list_xattr
Update system/xattrs_linux.go
2014-10-01 17:28:05 -07:00
Harshavardhana 5dca16dcb8 xattr/xattr.go: Add new higher level helpers for xattr
Signed-off-by: Harshavardhana <fharshav@redhat.com>
2014-10-01 17:24:03 -07:00
Harshavardhana 6224908d4e Update system/xattrs_linux.go
- Add Llistxattr() support
- Additionally cleanup Lgetxattr() and implement it properly
  in accordance with getxattr() syscall behavior.

Signed-off-by: Harshavardhana <fharshav@redhat.com>
2014-10-01 17:24:03 -07:00
Victor Marmol 0a5fde25c5 Merge pull request #208 from MalteJ/master
Expose parameter to set interface MAC address
2014-09-30 08:27:47 -07:00
Malte Janduda d804790e8d MACAddress -> MacAddress
Docker-DCO-1.1-Signed-off-by: Malte Janduda <mail@janduda.net> (github: MalteJ)
2014-09-30 00:33:12 +02:00
Malte Janduda bf54bdfd7f implementing SetInterfaceMac
Docker-DCO-1.1-Signed-off-by: Malte Janduda <mail@janduda.net> (github: MalteJ)
2014-09-29 23:55:47 +02:00
Mrunal Patel c744f6470e Merge pull request #206 from milosgajdos83/vlan-macvlan
Added support for VLAN and MAC VLAN interfaces plus did a bit of refactoring.
2014-09-29 13:22:49 -07:00
Milos Gajdos d90daa0cf7 Added VLAN and MAC VLAN device support to netlink
You can now create VLAN and MAC VLAN devices using netlink.
I've also added tests for both VLAN and MAC VLAN stuff.

Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com> (github: milosgajdos83)
2014-09-27 04:15:34 +01:00
Milos Gajdos 267ba8f753 Refactored SetNs funcs. Implemented ChangeName.
I've refactored NetworkSetNsPid and NetworkSetNsFd following
what we already have in place for Add/Del Ip and Add/Del Link.
I've reimplemented NetworkChangeName function which is now
using netlink for changing the interface name. I added tests too.
I've moved the original syscall implementation at the bottom
to keep it together with the other non-netlink functions.

Signed-off-by: Milos Gajdos <milosgajdos83@gmail.com> (github: milosgajdos83)
2014-09-27 02:27:32 +01:00
Victor Marmol 30e50af760 Merge pull request #205 from hugoduncan/fix-leaking-fd-in-netns
Fix leaking file descriptor in NetNs strategy
2014-09-25 13:23:10 -07:00
Hugo Duncan 52f4743aba Fix leaking file descriptor in NetNs strategy
Docker-DCO-1.1-Signed-off-by: Hugo Duncan <hugo@hugoduncan.org> (github: hugoduncan)
2014-09-25 14:05:24 -04:00
Victor Marmol 605edd6394 Merge pull request #203 from MalteJ/master
Adding IPv6 network support
2014-09-25 08:29:06 -07:00
Malte Janduda 4a14248dc8 Address6 -> IPv6Address and Gateway6 -> IPv6Gateway
Docker-DCO-1.1-Signed-off-by: Malte Janduda <mail@janduda.net> (github: MalteJ)
2014-09-24 20:48:00 +02:00
Mrunal Patel 0da391f51c Merge pull request #201 from vishh/stats_rounding
Saturate negative memory stat values at '0'.
2014-09-24 10:35:53 -07:00
Vishnu Kannan 4bfda8a764 Saturate negative memory stat values at '0'.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
2014-09-24 16:47:41 +00:00
Malte Janduda dd9e42732e Adding IPv6 network support
Docker-DCO-1.1-Signed-off-by: Malte Janduda <mail@janduda.net> (github: MalteJ)
2014-09-24 11:36:40 +02:00
Michael Crosby 40f1336057 Merge pull request #199 from SaiedKazemi/rootfs
Add RootFs field to configuration options in libcontainer's Config
2014-09-23 16:49:04 -07:00
Saied Kazemi bbd2b4cbff Merge branch 'rootfs' of https://github.com/SaiedKazemi/libcontainer into rootfs
Conflicts:
	namespaces/exec.go
2014-09-23 16:18:48 -07:00
Saied Kazemi ae81ea069f Add RootFs field to configuration options in libcontainer's Config
Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone.  This patch addresses this issue by adding a
new RootFs field.

Signed-off-by: Saied Kazemi <saied@google.com>
2014-09-23 16:16:13 -07:00
Saied Kazemi e4a4af4bfe Add RootFs field to configuration options in libcontainer's Config
Since currently the container.json file does not include the pathname
to a container's root filesystem, we need to parse /proc/mounts which
is slow and error-prone.  This patch addresses this issue by adding a
new RootFs field.

Signed-off-by: Saied Kazemi <saied@google.com>
2014-09-23 14:04:55 -07:00