Commit Graph

1861 Commits

Author SHA1 Message Date
Riyaz Faizullabhoy
9284759f2c Disable kexec from kernel_config, revert sysctl config because key is now unknown
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-07 11:43:10 -08:00
Justin Cormack
5794640a04 Merge pull request #840 from riyazdf/kexec-load
Disable kexec load in sysctl config
2016-12-07 10:44:44 -08:00
Justin Cormack
c19b70e8bd Merge pull request #848 from justincormack/sha-missing
Add some missing sha256 tags
2016-12-07 00:04:04 -08:00
Justin Cormack
1656e53324 Add some missing sha256 tags
These got missed in the previous commits.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-06 18:49:44 -08:00
Justin Cormack
f25fa4eb49 Merge pull request #846 from justincormack/trim-cond-mac
Only TRIM on Mac if configured via database
2016-12-06 08:58:07 -08:00
Justin Cormack
085a2f7fbd Only TRIM on Mac if configured via database
Stops unnecessary log spam.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-06 08:50:45 -08:00
Justin Cormack
4325cc46d3 Merge pull request #845 from justincormack/15min
Typo in crontab
2016-12-06 08:41:52 -08:00
Justin Cormack
ccec51c2ca Typo in crontab
It's 15min not 15m

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-06 08:37:04 -08:00
Justin Cormack
681dfb2548 Merge pull request #844 from djs55/mac-trim
Use TRIM on Mac as well as Windows
2016-12-06 08:13:01 -08:00
David Scott
f570ef6dac Use TRIM on Mac as well as Windows
Previously we only ran `fstrim` on Windows. Docker for Mac now supports
TRIM so we should run `fstrim` there too.

Note it's possible to turn off TRIM on the Mac at the virtual hardware
level via the database, but this should be harmless -- the `fstrim`
fails immediately with an obvious error if the device doesn't support it:
`fstrim: ioctl 0xc0185879 failed: Not supported`.

Signed-off-by: David Scott <dave.scott@docker.com>
2016-12-06 12:03:26 +00:00
Justin Cormack
df3370f2fd Merge pull request #843 from justincormack/rc3
Update Docker to 1.13.0-rc3
2016-12-05 21:12:20 -08:00
Justin Cormack
6d8925f012 Update Docker to 1.13.0-rc3
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-05 20:31:16 -08:00
Nathan LeClaire
82d92fd11b Merge pull request #746 from justincormack/no-2375
Stop Docker listening on port 2375
2016-12-05 13:43:36 -08:00
Riyaz Faizullabhoy
23c895a3d3 Disable kexec load in sysctl config
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-05 09:26:17 -08:00
Justin Cormack
1d3477fc1c Merge pull request #834 from nathanleclaire/bump_beta12_digest
Bump digest and re-add DOCKER_FOR_IAAS_VERSION for Azure
2016-12-03 01:19:47 -08:00
French Ben
1fe0abc70f Added docker image for VHD utils
Signed-off-by: French Ben <frenchben@docker.com>
2016-12-02 20:48:59 -08:00
Nathan LeClaire
5bca9e0192 Bump digest and re-add DOCKER_FOR_IAAS_VERSION for Azure
Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
2016-12-02 18:30:33 -08:00
Justin Cormack
7d7c52a55e Merge pull request #831 from justincormack/split-containers
Split the initrd into base and containers
2016-12-02 10:19:03 -08:00
Justin Cormack
960f52d18c Split the initrd into base and containers
In future this will allow easier customisation of the containers
for each edition.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 18:13:45 +00:00
Justin Cormack
c6163f7ffd Merge pull request #762 from simonferquel/vsudd_dontretry_on_dockerd
[vsudd] Don't retry when dockerd is not running
2016-12-02 08:23:23 -08:00
Justin Cormack
ab522f6106 Merge pull request #830 from justincormack/initrd-align-4
Align compressed initrd to 4 bytes
2016-12-02 08:14:36 -08:00
Justin Cormack
72d4d5aefc Align compressed initrd to 4 bytes
Allows appending another initrd.

Also build initrd on tmpfs as it should be a bit faster now we have to do
another copy.

Fix #618

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 16:05:49 +00:00
Justin Cormack
06cf2b5d12 Merge pull request #829 from justincormack/linuxup
Update to Linux 4.8.12
2016-12-02 06:52:22 -08:00
Justin Cormack
9916e7510d Merge pull request #828 from justincormack/azure-quoting
Missing quote in azure init script
2016-12-02 06:12:54 -08:00
Justin Cormack
f870b6641b Update to Linux 4.8.12
- security update

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:12:06 +00:00
Justin Cormack
43c531f8f6 Merge pull request #827 from justincormack/container-rngd
Run rngd inside a system container
2016-12-02 06:07:46 -08:00
Justin Cormack
6e10fa9399 Missing quote in azure init script
Fix #826

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:03:21 +00:00
Justin Cormack
933372e45a Run rngd inside a system container
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:00:12 +00:00
Justin Cormack
842527996c Merge pull request #825 from justincormack/go-up
Update to Go 1.7.4
2016-12-02 01:59:39 -08:00
Justin Cormack
1ecdeeed44 Update to Go 1.7.4
Security update.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 09:51:36 +00:00
Justin Cormack
5608dfbf5d Merge pull request #819 from riyazdf/lynis-sysctl-changes
Add sysctl changes as suggested by lynis
2016-12-02 01:30:55 -08:00
Justin Cormack
07b1806061 Merge pull request #824 from riyazdf/bump-waalinux-opensslconfig
Bump windows azure linux agent to include openssl config swapping logic
2016-12-02 01:29:06 -08:00
Riyaz Faizullabhoy
aa4e996d16 Bump windows azure linux agent to include openssl config swapping logic
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 19:15:50 -08:00
Riyaz Faizullabhoy
0eefa15623 Add sysctl changes as suggested by lynis
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 15:41:57 -08:00
Justin Cormack
cb486e5cc5 Merge pull request #820 from riyazdf/digests-and-trust
Use digests for external images and scripts where possible
2016-12-01 12:57:32 -08:00
Justin Cormack
c004fb5efa Merge pull request #822 from riyazdf/dct-in-pull
Use DCT in library/docker run command
2016-12-01 10:34:33 -08:00
Riyaz Faizullabhoy
4011d4842a Use digests instead of tags where possible
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:39:02 -08:00
Riyaz Faizullabhoy
4068e792fd Use DCT in library run command
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:27:01 -08:00
Justin Cormack
6b47f7ef6d Merge pull request #821 from justincormack/binfmt-cleanup
Makefile cleanup for binfmt
2016-12-01 07:30:09 -08:00
Justin Cormack
19e3dd4c60 Makefile cleanup for binfmt
Remove duplication and simplify.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-01 15:23:03 +00:00
Nathan LeClaire
b5ea59e122 Merge pull request #788 from justincormack/small-ami
Use a 1G AMI
2016-11-30 16:22:41 -08:00
Justin Cormack
b0fdca348b Merge pull request #817 from justincormack/content-trust
Use DOCKER_CONTENT_TRUST=1 when pulling library images
2016-11-30 05:40:56 -08:00
Justin Cormack
ae885bd714 Use DOCKER_CONTENT_TRUST=1 when pulling library images
When building the base images always test signatures.

This will be the default at some point.

Add a test that content trust is working.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 13:35:38 +00:00
Justin Cormack
078f8be56c Merge pull request #815 from justincormack/binfmt-container
Containerize binfmt_misc
2016-11-30 05:33:38 -08:00
Justin Cormack
8d3691fabb Containerize binfmt_misc
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8

fix #53

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 12:49:37 +00:00
Simon Ferquel
641669cafb Redirect vsudd stdout/stderr to console
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Simon Ferquel
a12a833b20 [vsudd] Don't retry when dockerd is not running
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Justin Cormack
1f2f77f1e9 Merge pull request #811 from justincormack/noswap
Disable rc swap script
2016-11-29 07:47:00 -08:00
Justin Cormack
e131ad013e Merge pull request #808 from FrenchBen/fix-azure
Fixed Azure go utils
2016-11-29 07:46:41 -08:00
Justin Cormack
018be45ec8 Merge pull request #809 from justincormack/shell-exec
Use shell to execute userdata
2016-11-29 07:43:14 -08:00