Occasionally the selinux_test program will fail because we are setting file
context based on the Process ID but not the TID. THis change will always
use the TID to set SELinux labels.
Docker-DCO-1.1-Signed-off-by: Daniel Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
Added --selinux-enable switch to daemon to enable SELinux labeling.
The daemon will now generate a new unique random SELinux label when a
container starts, and remove it when the container is removed. The MCS
labels will be stored in the daemon memory. The labels of containers will
be stored in the container.json file.
When the daemon restarts on boot or if done by an admin, it will read all containers json files and reserve the MCS labels.
A potential problem would be conflicts if you setup thousands of containers,
current scheme would handle ~500,000 containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
It was a nice idea to recruit more maintainers but we never found the
time to do it properly...
I am still interested in any ideas to make it easier to start
contributing!
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
I tested to verify that if neither package is available (for example, on Debian Wheezy), apt still continues installing properly.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
These are unnecessary since the user package handles these cases properly already (as evidenced by the LXC backend not having these special cases).
I also updated the errors returned to match the other libcontainer error messages in this same file.
Also, switching from Setresuid to Setuid directly isn't a problem, because the "setuid" system call will automatically do that if our own effective UID is root currently: (from `man 2 setuid`)
setuid() sets the effective user ID of the calling process. If the
effective UID of the caller is root, the real UID and saved set-user-
ID are also set.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This adds back in the references to private repositories and
provides some refactoring to the Working with repositories
documentation including updating references to the "Central"
registry to Docker.io.
It also:
* Fixes some links and references to Central Index
* Fixes anchors in other files to updated titles in Working with Repositories.
* Renamed Central Index in the remaining places.
* Updated terms documentation to reflect Docker.io
* Updated some Docker Index naming to be consistent.
* Updates menu labels and hyperlinks.
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Correct documentation for POST /commit to reflect that the container's
configuration is supplied in the request body, and not as a query
parameter.
Also correct a small typo in the example JSON for create container.
Docker-DCO-1.1-Signed-off-by: Andy Goldstein <agoldste@redhat.com> (github: ncdc)
Docs' BG was original "#fff" and blocks such as code blocks or
warning-notes blocks were coloured in #F2F2F2.
In order to make it easier to read everything, the BG colour was
changed to #fff. However, the switch missed to convert other blocks'
BG colour.
This commit aims to re-introduce the correct contrast by changing the
BG colour of warning/notes block to #fff.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
So far it has been mostly my duty to create and maintain docs' design/theme.
This commit adds myself to the list of maintainers by modifying
the MAINTAINERS file under the docs/theme directory.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
This commit removes the "max-width" property of DOM "containers";
Thus letting the viewport to expand to fill the available space.
This commit aims to bring pleasure to Docker docs' readers' eyes,
And to make them happy by letting them profit more from their large
monitors. (or use more efficiently their smaller ones).
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Michael Crosby
Dan Walsh
Victor Vieux
O.S. Tezer
Tianon Gravi
Solomon Hykes
Sven Dowideit
James Turnbull
Michael Crosby
Rohit Jnagal
Victor Marmol
Brian Goff
Tibor Vass
Andy Goldstein
O.S.Tezer
unclejack