Rolf Neugebauer
ff8105a474
vendor: Update hyperkit go bindings
...
This will break compilation until the next commit.
Also update some package strings in 'vendor.conf' as the new vndr
was complaining about them not being root imports.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 15:23:37 +01:00
Justin Cormack
0ffc2867a9
Use hierarchy for memory cgroups
...
Container systems expect this...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:36:06 +01:00
Justin Cormack
821fdaecc8
Remove SELinux setup until actually implemented
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:35:07 +01:00
Justin Cormack
efd1efe531
Add a sysfs container
...
However, do not try to change memory cgroups from it; this needs to be in `init`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:33:38 +01:00
Justin Cormack
bd5780e46d
Merge pull request #1565 from justincormack/var-rework-again
...
Rework how /var is mounted
2017-04-10 14:27:40 +01:00
Rolf Neugebauer
47402c955c
Merge pull request #1566 from rneugeba/etcd-clean
...
demo: Remove jq and sfdisk from etcd image
2017-04-10 11:53:35 +01:00
Rolf Neugebauer
29ad037125
demo: Remove jq and sfdisk from etcd image
...
They are no longer needed as the mounting happens in the
mount container.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 11:41:17 +01:00
Justin Cormack
9ee52aa966
Rework how /var is mounted
...
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However, do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 11:28:00 +01:00
Justin Cormack
ce70127028
Merge pull request #1561 from riyazdf/landlock-makefile-dockerfile
...
Landlock: kernel build materials and example yml
2017-04-10 10:48:37 +01:00
Rolf Neugebauer
f2ec32a043
Merge pull request #1563 from rneugeba/kern-up
...
kernel: Update to 4.10.9/4.9.21/4.4.60
2017-04-09 23:12:49 +01:00
Rolf Neugebauer
201f89de74
kernel: Update to 4.10.9/4.9.21/4.4.60
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 22:50:18 +01:00
Justin Cormack
221dac183f
Merge pull request #1560 from DieterReuter/patch-1
...
Fix link to Landlock project
2017-04-09 22:12:26 +01:00
Dieter Reuter
f6c2bca4cb
Fix link to Landlock project
...
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
2017-04-09 20:06:04 +00:00
Justin Cormack
82d960c604
Merge pull request #1562 from rneugeba/demo-up
...
demo: Update etcd to use the new mount container
2017-04-09 21:00:26 +01:00
Rolf Neugebauer
baab60ea87
demo: Update etcd to use the new mount container
...
Rolling updates still work
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 20:50:10 +01:00
Riyaz Faizullabhoy
3aead78f36
landlock: example yml
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:09:06 -07:00
Riyaz Faizullabhoy
b95ca1b358
landlock: gitignore for kernel build
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:08:53 -07:00
Riyaz Faizullabhoy
f89bd06edb
landlock: Makefile with kernel-landlock name
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:07:10 -07:00
Riyaz Faizullabhoy
1e9495e609
landlock: Dockerfile
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:06:48 -07:00
Justin Cormack
9d1b120498
Merge pull request #1559 from l0kod/landlock-v6-linux-v4.9.20
...
Backport Landlock v6 for Linux v4.9.20
2017-04-09 19:31:21 +01:00
Mickaël Salaün
296a0f4560
landlock: Backport patches from the sixth series
...
Backport from Linux v4.11-rc3-812-gc6bf33827b7d to Linux 4.9.20:
https://github.com/landlock-lsm/linux/commits/landlock-v6-linux-v4.9.20
Do not include documentation or tests.
See built documentation here:
https://landlock-lsm.github.io/linux-doc/landlock-v6/security/landlock/index.html
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lkml.kernel.org/r/20170328234650.19695-1-mic@digikod.net
2017-04-09 19:45:24 +02:00
Mickaël Salaün
792238f5cb
landlock: Add kernel_config{,.debug}
...
Based on kernel_config{,.debug} from commit
724561bf69
Enable Landlock and userland sandbox example:
* CONFIG_SECURITY_LANDLOCK=y
* CONFIG_SAMPLES=y
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Mickaël Salaün
c6b3c62b83
landlock: Link to project
...
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Justin Cormack
60f84fb917
Merge pull request #1558 from justincormack/report-9-april
...
Add weekly report for 9 April 2017
2017-04-09 17:38:12 +01:00
Justin Cormack
6476ed0441
Add weekly report for 9 April 2017
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 17:00:40 +01:00
Justin Cormack
74b720a42a
Merge pull request #1557 from justincormack/mount-take-2
...
Make mount a standalone package, fix mount propagation
2017-04-09 16:02:24 +01:00
Justin Cormack
961c98e33e
Merge pull request #1521 from thebsdbox/qemu
...
CLI: Added qemu backend
2017-04-09 13:56:09 +01:00
Justin Cormack
f079f7a7cd
Update to new init container with mount changes
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:52:45 +01:00
Justin Cormack
b2a3215e5f
Update Docker image to use mount image not do mount itself
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:50:04 +01:00
Justin Cormack
bfa76205d5
Change propagation for root
...
- make / rshared
- make /containers private
- make /var its own tmpfs mountpoint, shared
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:50:04 +01:00
thebsdbox
01aa2abdd4
CLI: Added qemu backend
...
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
2017-04-09 13:49:00 +01:00
Justin Cormack
3ffa912c41
Move mount back to its own package, not inside docker
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 12:53:46 +01:00
Rolf Neugebauer
48cb54d378
Merge pull request #1555 from rneugeba/nobinfmt
...
config: Remove unused binfmt container
2017-04-09 10:26:59 +01:00
Rolf Neugebauer
733e8f3307
config: Remove unused binfmt container
...
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 10:09:00 +01:00
Justin Cormack
f45e7c898f
Merge pull request #1552 from riyazdf/trust-yaml-docs
...
Content Trust yaml docs and code improvements
2017-04-09 09:53:55 +01:00
Justin Cormack
df22e868c3
Merge pull request #1554 from riyazdf/landlock-project
...
landlock: start project, add roadmap doc
2017-04-09 09:52:53 +01:00
Justin Cormack
e0aced6be0
Merge pull request #1550 from justincormack/rootfs-mountpoint
...
Make each rootfs a mountpoint by binding
2017-04-09 09:52:23 +01:00
Riyaz Faizullabhoy
9effac329a
landlock: start project, add roadmap doc
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 20:05:39 -07:00
Riyaz Faizullabhoy
b1475d33bc
trust: add yaml docs
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 17:25:33 -07:00
Riyaz Faizullabhoy
7f79de1b6f
trust: clean up logic for digests and orgs
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 17:25:18 -07:00
Justin Cormack
f9c4c30142
Merge pull request #1551 from justincormack/containerd-toml
...
Add an (empty) config file for containerd
2017-04-08 21:49:19 +01:00
Justin Cormack
fb5d6a8fad
Add an (empty) config file for containerd
...
It needs one now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:38:31 +01:00
Justin Cormack
c40351a0a8
Make each rootfs a mountpoint by binding
...
Otherwise shared mounts do not work correctly with `runc`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:10:30 +01:00
Rolf Neugebauer
508f12350a
Merge pull request #1547 from rneugeba/demo-up
...
Update etcd demo
2017-04-08 20:49:38 +01:00
Rolf Neugebauer
875cb565e3
demo: Update etcd README
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
31a4156686
demo: Add formatting and mounting to etcd image
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
a3d20abdb6
demo: Add a disk to the etcd image
...
etcd works better with persistent storage. So configure a
disk and add the formatting container to the image.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
6407cf360b
demo: Update YAML files to new init section layout
...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:37:17 +01:00
Rolf Neugebauer
eeae23e9de
infrakit: Create persistent disk if an InstanceID is provided
...
If the user specifies an InstanceID, we assume the instance is "named"
and, therefore, special. If the instance has a disk configured, create
it in the "disks" directory so that, if the same instance is recreated,
the disk image can be re-used.
This is consistent with other InfraKit plugins.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:32:25 +01:00
Rolf Neugebauer
b5dd0315e2
demo: Make sure the infrakit 'cli' directory exists
...
Otherwise there is a warning on first use.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:32:25 +01:00