Victor Marmol
031524c73d
Merge pull request #375 from crosbymichael/move-system-mounts
...
Refactor system mounts to be placed on the config
2015-02-12 21:36:03 -08:00
Alexander Morozov
ebefcddc3c
Use netlink to set hairpin mode
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 18:40:54 -08:00
Michael Crosby
1a37242fa2
Refactor system mounts to be placed on the config
...
Also remove the RestrictSys bool replaced by configurable paths that the
user can specify.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 16:58:38 -08:00
Michael Crosby
a9a503082e
Merge pull request #374 from LK4D4/go1.3_support
...
Fix compilation with golang 1.3(uid/gid mappings is unsupported)
2015-02-12 14:21:41 -08:00
Alexander Morozov
fe9f766895
Fix compilation with golang 1.3(uid/gid mappings is unsupported)
...
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-02-12 13:28:07 -08:00
Mrunal Patel
cee97cb0cc
Merge pull request #372 from rhatdan/gcc5.0
...
Changes required to keep gcc 5.0 quiet and happy.
2015-02-12 11:42:14 -08:00
Dan Walsh
6262667787
Changes required to keep gcc 5.0 quiet
...
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2015-02-12 14:21:34 -05:00
Mrunal Patel
e2ed997ae5
Merge pull request #370 from crosbymichael/state
...
Ensure state is persisted
2015-02-12 11:19:58 -08:00
Michael Crosby
c2403c32db
Add GetPath on namespace config
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-12 10:38:43 -08:00
Michael Crosby
91a3f162af
Implement nsinit state command
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 18:49:28 -08:00
Michael Crosby
5df859ad24
Add config command to nsinit
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:26:29 -08:00
Michael Crosby
d909440c48
Unexport certain internal funcs and types
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 17:12:03 -08:00
Michael Crosby
5c246d038f
Persist container state to disk
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 16:52:28 -08:00
Michael Crosby
31327166e5
Rename OOM to NotifyOOM
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 15:09:54 -08:00
Michael Crosby
7fff13632e
Add state method to return container's runtime state
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 14:45:07 -08:00
Victor Marmol
9f0cca11d0
Merge pull request #367 from crosbymichael/validation
...
API Refactoring
2015-02-11 13:47:45 -08:00
Michael Crosby
fde0b7aa0d
Refactor network and veth creation
...
Remove veth interfaces on the host if an error occurs.
Provide the host interface name, temporary peer interface name and the
name of the peer once it is inside the container's namespace in the
Network config.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 13:33:58 -08:00
Michael Crosby
2ec6b585ea
Add new API examples to readme
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:27 -08:00
Michael Crosby
758d151e61
Fully remove security package
...
This moves the capabilities package into the root package.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
ad49d71504
Remove network package
...
Also add ability to get network stats from multiple interfaces.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
6a04779b41
Remove restrict package
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
1c895b409a
Move mount logic into root package
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
b0e274c0d2
Remove console package and add Console type
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
20daff5e2c
Move mount package into libcontainer root
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
1edada52fd
Move Cwd and User to Process
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
9dcbc4f3f8
Implement container signaling
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
0c1919c427
Refactor parent processes into types
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
21bb5ccc4f
Move environment configuration to Process
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
58023ad32f
Add parent death signal to the container config
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:09 -08:00
Michael Crosby
8850636eb3
Refactor init actions into separate types
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Michael Crosby
5fc19e8db5
Rename Fs fields to fs
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-11 11:20:08 -08:00
Mrunal Patel
e48806d39d
Merge pull request #360 from avagin/api-userns-test
...
integration: check a container with userns
2015-02-10 17:14:47 -08:00
Mrunal Patel
21ed4766b1
Merge pull request #366 from icecrime/hairpin-nat
...
Resurrect hairpin NAT
2015-02-10 15:35:43 -08:00
Arnaud Porterie
190e50b08d
Selectively enable hairpin NAT
...
Offer the ability to enable hairpin NAT on a per network basis, while
keeping it disabled by default as it is unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-02-10 15:30:36 -08:00
Mrunal Patel
d6fae7bb26
Merge pull request #369 from dqminh/exec-reap-zombie
...
handle SIGCHLD when running as child subreaper
2015-02-10 11:11:07 -08:00
Daniel, Dao Quang Minh
770e258390
handle SIGCHLD when running as child subreaper
...
When running under child subreaper mode, it's useful for nsenter to be able to
reap child processes. We have seen cases where spawned user processes weren't
reaped properly (https://github.com/creationix/nvm/issues/650)
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
2015-02-10 04:50:22 -05:00
Patrick Hemmer
da109f3af0
enable hairpin mode on virtual interface bridge port
...
This is to support being able to DNAT/MASQ traffic from a container back into itself (dotcloud/docker#4442)
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
2015-02-09 14:56:27 -08:00
Michael Crosby
da32455210
Merge pull request #343 from dqminh/dqminh
...
add dqminh as maintainer
2015-02-09 12:11:06 -08:00
Rohit Jnagal
623fe598e4
Merge pull request #361 from hqhq/hq_typo_for_userns
...
fix typo for GetHostRootGid
2015-02-07 11:05:40 -08:00
Qiang Huang
f115a5f6c8
fix typo and outdated comments in exec.go
...
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-02-07 08:52:50 +08:00
Mrunal Patel
62bdfc482d
Merge pull request #362 from vmarmol/cgroup
...
Retry getting the cgroup root at apply time.
2015-02-06 12:25:01 -08:00
Victor Marmol
e0de51f53c
Retry getting the cgroup root at apply time.
...
This will allow late-binding of the cgroup hierarchy.
Fixes docker/docker#8791
Signed-off-by: Victor Marmol <vmarmol@google.com>
2015-02-06 11:04:25 -08:00
Mrunal Patel
4bd39999a0
Merge pull request #359 from philips/systemd-default-dependencies-false
...
cgroups: systemd: set DefaultDependencies=false if possible
2015-02-05 10:41:32 -08:00
Andrey Vagin
c6f5420bed
integration: check a container with userns
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 14:21:05 +03:00
Brandon Philips
99233fde8c
cgroups: systemd: set DefaultDependencies=false if possible
...
The root problem this fixes is the docker daemon uses DefaultDependencies
for all of its scopes which means that the containers get killed by
systemd before the docker daemon is notified to shutdown. This means
that a docker run in a service file won't get ordered properly on
shutdown! This has affected many CoreOS users and is documented in
systemd as so:
"Unless DefaultDependencies=false is used, scope units will implicitly
have dependencies of type Conflicts= and Before= on shutdown.target."
Unfortunately, systemd didn't allow setting DefaultDependencies=false on
transient units until today:
systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
Unknown assignment DefaultDependencies=false.
Failed to create message: Invalid argument
Fixed here:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50
Discussion with systemd upstream:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.html
http://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html
Tested with docker and systemd master as of today and it works for me.
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
2015-02-03 22:25:27 -05:00
Victor Marmol
2da44f8c7b
Merge pull request #358 from avagin/capabilities
...
namespaces: allow to use pid namespace without mount namespace
2015-02-03 15:05:54 -08:00
Andrey Vagin
21c344a479
update vendor/src/github.com/syndtr/gocapability/
...
Signed-off-by: Andrey Vagin <avagin@openvz.org>
2015-02-04 01:22:25 +03:00
Andrey Vagin
444cc2989a
namespaces: allow to use pid namespace without mount namespace
...
The gocapability package uses /proc/PID/status to get a bounding set.
If a container uses pidns without mntns, it sees /proc from the host
namespace, but the process doesn't know its own pid in this namespace.
In this case it can use /proc/self/status, which is always the right one.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
2015-02-04 01:01:43 +03:00
Mrunal Patel
5d25c7262e
Merge pull request #357 from crosbymichael/api
...
Flatten config structures and remove namespace package
2015-02-03 10:55:06 -08:00
Michael Crosby
ab76a88d6b
Remove Wait() on container interface
...
Since we return the pid for the started process we do not need this
method on the interface.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-02-03 10:50:18 -08:00