Commit graph

51 commits

Author SHA1 Message Date
Tianon Gravi b702edadb7 Format lxc_template.go with gofmt 2013-11-24 20:02:06 -07:00
Tianon Gravi f16c45f8b0 Add space-escaping to path parts of lxc.mount.entry lines in generated lxc.conf, allowing for spaces in mount point names
Fixes #2802
2013-11-24 20:00:39 -07:00
Victor Vieux ad96d5ff04 Merge pull request #2712 from makinacorpus/master
Do not drop sys_boot
2013-11-15 10:33:41 -08:00
Jérôme Petazzoni 31638ab2ad Refactor HostConfig and escape apparmor confinement 2013-11-01 13:55:19 -07:00
Brian Olsen be7eb4bfcb Set environment variables using a file. 2013-10-31 00:48:12 +01:00
Tianon Gravi cf86e2bb22 Rename all cases of "docker-init" to "dockerinit" for consistency 2013-10-25 15:13:25 -07:00
Mathieu Le Marec - Pasquet b64ce8e33c Do not drop sys_boot
This fixes #2391
2013-10-25 18:41:03 +02:00
Paul Nasrat aa3697520a Fixes issues with mounting subdirectories of /mnt in container.
Tested with
mkdir /mnt/data
docker run -v /mnt/data:/mnt/data  -t ubuntu:12.10 touch /mnt/data/bar

Expected /mnt/data/bar on host.
2013-10-09 16:40:46 -04:00
Alexander Larsson 80319add55 lxc: Allow set_file_cap capability in container
This means you're able to set the bits for capabilities on files
inside the container. This is needed for e.g. many fedora packages
as they use fine-grained capabilities rather than setuid binaries.

This is safe as we're not adding capabilities really, since the
container is already allowed to create setuid binaries. Setuid
binaries are strictly more powerful than any capabilities (as root implies
all capabilities).

This doesn't mean the container can *gain* capabilities that it
doesn't already have though. The actual set of caps is strictly
decreasing.
2013-09-26 21:41:45 +02:00
Michael Crosby 5a01f7485c Only mount hostname files if config exists 2013-09-16 17:53:24 +00:00
Victor Vieux 4f2e59f94a bind mount /etc/hosts and /etc/hostname 2013-09-09 20:29:57 +00:00
Michael Crosby 551092f9c0 Add lxc-conf flag to allow custom lxc options 2013-08-22 16:05:21 +00:00
Michael Crosby 9662f9e56a Merge pull request #1478 from jpetazzo/929-insecure-flag
add -privileged flag and relevant tests, docs, and examples
2013-08-14 13:55:18 -07:00
Jérôme Petazzoni 280901e5fb add -insecure flag and relevant tests 2013-08-13 16:20:22 -07:00
Karan Lyons 075d30dbce Mount /dev/shm as a tmpfs
Fixes #1122.
2013-08-07 17:44:33 -07:00
Guillaume J. Charmes f6fa353dd8 Merge pull request #1267 from sridatta/new-clean-init
* Runtime: Fix to "Inject dockerinit at /.dockerinit"
2013-08-05 13:23:22 -07:00
Stefan Praszalowicz bc172e5e5f Invert network disable flag and logic (unbreaks TestAllocate*PortLocalhost) 2013-07-22 19:00:35 -07:00
Stefan Praszalowicz 3342bdb331 Support networkless containers with new docker run option '-n' 2013-07-21 17:11:47 -07:00
Solomon Hykes 5d8efc107d + Runtime: inject dockerinit at /.dockerinit instead of overwriting /sbin/init. This makes it possible to run /sbin/init inside a container. 2013-07-17 17:13:34 -07:00
Guillaume J. Charmes 4e0cdc016a Revert #1126. Remove mount shm 2013-07-05 10:47:00 -07:00
Karan Lyons dd619d2bd6 Mount /dev/shm as a tmpfs.
Fixes #1122.
2013-07-04 09:58:50 -07:00
Gabriel Monroy 67239957c9 - Fix a few bugs in external mount-bind integration 2013-06-26 15:10:38 -07:00
Solomon Hykes d4e62101ab * Runtime: better integration of external bind-mounts (run -b) into the volume subsystem (run -v) 2013-06-26 15:08:07 -07:00
Gabriel Monroy 4fdf11b2e6 + Runtime: mount volumes from a host directory with 'docker run -b' 2013-06-26 15:07:31 -07:00
globalcitizen 788d66f409 Add note about lxc.cap.keep > lxc.cap.drop 2013-06-20 00:39:35 +07:00
globalcitizen 96988a37f5 Add healthy procfs/sysfs warnings 2013-06-20 00:37:08 +07:00
Victor Vieux fd224ee590 linted names 2013-06-04 18:00:22 +00:00
Jérôme Petazzoni efd9becb78 implement "-c" option to allocate a number of CPU shares to a container 2013-05-07 11:16:30 -07:00
Guillaume J. Charmes 6fb495bf6f Move the id of volumes to Container (instead of Container.Config) 2013-05-02 09:14:22 -07:00
Guillaume J. Charmes 8d9aaee60b Handle data volumes mount points 2013-05-02 09:14:22 -07:00
Guillaume J. Charmes 1f9f5eed5d Put the resolv.conf path in a variable instead of being hardcoded within lxc 2013-04-10 18:23:34 -07:00
Guillaume J. Charmes d9a9bfc9c7 Make LXC aware of custom bridge 2013-04-03 16:15:44 -07:00
Mikhail Sobolev b2b6d519c5 remove executable bit from lxc_template.go 2013-03-26 16:36:49 +02:00
Solomon Hykes 7c57a4cfc0 Simplified the core container API, ported it to the new graph. Some features are missing eg. image 'paths' and tags 2013-03-21 00:25:00 -07:00
Guillaume J. Charmes 9ff6dd767a Allow ping within a container. Issue #91
Allow the net_raw capability
2013-03-15 02:37:02 -07:00
creack 150a4fe7e5 Merge master within fs 2013-03-12 08:33:21 -07:00
Sam Alba f8fee42181 Missed a rename 2013-03-11 19:55:14 -07:00
Sam Alba 948961831a Renamed Container property Ram to Memory before it is too late 2013-03-11 19:25:02 -07:00
Sam Alba 75d04a5a75 Added support for RamSwap in the generated LXC config (to limit the swap and have the right default settings) 2013-03-11 17:40:54 -07:00
Sam Alba a3a946703b Set the memory soft limit to the same value as the hard limit 2013-03-11 14:30:27 -07:00
shin- 97a8209438 Merged master branch into fs 2013-03-11 05:42:36 -07:00
Andrea Luzzardi 2192d3371c Re-enabled lxc capabilities drop 2013-02-28 11:57:57 -08:00
Andrea Luzzardi 09eacdfade Container can now take a list of ports to expose in its config 2013-02-28 11:51:14 -08:00
shin- 2ebf3464a1 Halfway through fs branch fixes, TestUser not passing 2013-02-26 17:45:46 -08:00
Andrea Luzzardi c08f5b2b84 Integrated the network allocator into Docker. A networking environment
is assigned to each container upon Start and released whenever the
container exits.
2013-02-25 14:06:22 -08:00
Andrea Luzzardi 5cecd548cd Basic networking support with hardcoded addresses. Work in progress. 2013-02-21 10:47:57 -08:00
Andrea Luzzardi 58a2294260 Implemented a self-injecting process wrapper that runs inside the container
- Before starting the container, docker injects itself inside the container by mount binding the dockerd binary into /sbin/init
- Instead of running the user process directly inside the container, we run /sbin/init targetprocess [args...]
- When docker is run as /sbin/init (e.g. argv[0] == "/sbin/init"), then its own sys init code kicks in
- The sys init code will be responsible for setting up the process environment prior to its execution (setuid, networking, ...).
- Finally, docker's sys init will exec() the container's process, thus replacing itself with the target binary (which will be running as pid 1)
2013-02-13 14:01:44 -08:00
Andrea Luzzardi 2416edd400 LXC template: Cleanup using text/template variables 2013-02-13 13:56:19 -08:00
Andrea Luzzardi 54a946e333 Networking: Mount bind (ro) the host's /etc/resolv.conf into the
container in order to get networking.
2013-01-28 17:32:15 -08:00
Andrea Luzzardi 78c02daf47 container.Name -> container.Id 2013-01-21 18:39:52 -08:00