73 Commits

Author SHA1 Message Date
Avi Deitcher
8de1d9bf2c Mount /var/log to getty and ssh again
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-07-21 19:11:22 +03:00
Jason A. Donenfeld
ec7dadcddd wireguard: add to getty and sshd
People really want to play around with this, so adding them here makes
it possible. Just as iproute2 is part of these, so should
wireguard-tools.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-07-20 23:50:13 +02:00
Ian Campbell
c48acd5d9d sshd+getty: Add apk to these containers
Since these are the user login containers, having the ability to add packages
is useful (e.g. I quite often find I want strace).

Doing this requires that we not share `/var` with the login containers since we
want the apk database therein. Previously it was thought that the containers
might need some parts of `/var` for `ctr` to work (e.g. `/var/lib/containerd`)
but this is not the case now (if it ever was) based on my testing.

Fixes #2206.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-07-20 15:08:27 +01:00
Ian Campbell
b3db1a887c Update to containerd v1.0.0-alpha1
This is actually containerd#1141 rebased onto v1.0.0-alpha1.

The `dist` command has been integrated into `ctr` and so is removed, including
from the getty and sshd bind mounts and the test which uses it is updated.

There is no change to the version of runc vendored by containerd, so this is
unchanged.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-07-20 14:10:51 +01:00
Avi Deitcher
af0331d382 flag in init and background only if not in init
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-07-18 16:37:05 +03:00
Justin Cormack
98ed378dbd Add a securetty file
Do not copy host securetty file - this one should be comprehensive
or bind mount host one in yourself.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-07-14 18:34:52 +01:00
Justin Cormack
ecaa7f9c68 Remove the -x from the rungetty script
It's annoyingly verbose!

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-07-14 13:53:45 +01:00
Avi Deitcher
5d18cba75f Use existing securetty
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-07-11 14:43:26 +03:00
Justin Cormack
298f4aab32 Consistently don't use quotes around image names
These are not needed, but we are inconsistent. Been waiting for a
quiet moment to fix this since I noticed while doing a presentation...

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-07-09 17:47:30 +01:00
Rolf Neugebauer
699a864302 pkg: Update to new Alpine base
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-07-01 18:11:45 +01:00
Dave Tucker
5a225b9dc5 Makefile: Fix bug where network was not disabled
This commit moves the include statement to the bottom of the file to
ensure that all variables are set before conditionals are evaluated.

I also changed the ifndef NETWORK to ifdef NETWORK as the former was
incorrect. We want `NET_OPTS="--network=none"` in cases where NETWORK is
not defined.

Fixes: #2134

Signed-off-by: Dave Tucker <dt@docker.com>
2017-06-30 11:55:08 +01:00
Dave Tucker
5fb025824f getty: Make namespacing more obvious
Warn the user in the MOTD
Add "(ns: getty)" or "(ns: sshd)" to the PS1
Use `agetty` and `-a root` to ensure we get a login shell when insecure

Signed-off-by: Dave Tucker <dt@docker.com>
2017-06-29 14:58:44 +01:00
Rolf Neugebauer
2fb65e8f1e doc: Remove explicit hashes from documentation in ./pkg
People typically update hashes in YAML files with
'git grep ... | sed ...' this will change the README.md files
in the ./pkg directory and thus change the git tree hash.

Remove the use of explicit hashes from those files to avoid
the obvious chicken and egg problem.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-06-27 18:01:48 +01:00
Rolf Neugebauer
cab27698f4 pkg: Update all packages to the new alpine base
In a subsequent commit, all YAML files will be updated with
new package hashes since all packages needed rebuild due to
build system changes in commit adae27b8d1 ("Simplify
Makefiles for Packages"). So, we might as well bring all
packages up to the latest alpine base package.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-06-27 17:43:57 +01:00
Ian Campbell
2864f467b9 getty,sshd: Include ca-certificates.
Otherwise:

    dist pull docker.io/library/redis:alpine
    dist: failed to do request: Head https://registry-1.docker.io/v2/library/redis/manifests/alpine: x509: failed to load system roots and no roots provided

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-06-26 11:52:41 +01:00
Ian Campbell
34fbe42615 getty,sshd: Mount host /tmp into containers.
ctr (which runs in the getty or ssh container) relies on sharing files in /tmp
with containerd (which runs in the host mount namespace). Specifically it
currently uses paths under /tmp/containerd for the stdio FIFOs of containers, resulting in:

    # ctr run -t docker.io/library/redis:alpine test
    ctr: rpc error: code = Unknown desc = runtime create failed: runc create failed: container with id exists: test

Currently it is not possible to specify a non-existent source directory for a
bind mount, so we cannot easily bind just /tmp/containerd. Sharing all of /tmp
doesn't sound like a terrible idea anyway.

Deferring updating the sha in *.yml until after some further changes to these packages.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-06-26 11:52:41 +01:00
Dave Tucker
adae27b8d1 Simplify Makefiles for Packages
These now inherit from a top-level package.mk
Options like use of the network can be enabled on a per package basis
This removes a lot of duplicate code and makes the maintenance of these
Makefiles much easier

Signed-off-by: Dave Tucker <dt@docker.com>
2017-06-22 12:40:03 +01:00
Ian Campbell
f7b2a739ee pkg/getty: Stop bind mounting /tmp/ctr
This doesn't exist with newer ctr or in systems where service containers are
not started using the ctr tool. All it contains today are the stdio FIFOs,
which are not in general useful to access after container creation.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-06-16 11:21:40 +01:00
Riyaz Faizullabhoy
6dedac2fe9 Update getty image for setsid changes
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-06-15 09:16:12 -07:00
Avi Deitcher
42bf54de28 copy setsid to setsidu so it does not get overwritten by busybox when used in init, and ensure inittab is clean
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-06-14 13:22:18 +03:00
Justin Cormack
19b3beff9f Mount system /sys into getty container
Without this the mounts underneath here were not visible.

fix #2019

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-12 10:44:14 +02:00
Justin Cormack
513f661458 Clean up getty Makefile to match others
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-06-08 11:02:48 +01:00
Avi Deitcher
5db7e6fe69 Add getty pkg
Signed-off-by: Avi Deitcher <avi@deitcher.net>
2017-06-08 00:11:53 +03:00