docker itself seems to bind to the port globally inside Moby, so we
get an EADDRINUSE if we try to do it too.
Signed-off-by: David Scott <dave.scott@docker.com>
The ability to unload kernel modules helps with rapid development of kernel
modules or Moby-integrated functionality. It has no negative side effects
as far as I am aware.
Signed-off-by: David Sheets <dsheets@docker.com>
fix#153
For now, just create the default remap user, rather than trying
to fix the command emulation. The existing code in docker is not
ideal, as it is GNU specific, try to find a better option for
1.13.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When we updated from 4.4.10 to 4.4.14 we copied the patches over.
This changeset properly updates the patches so that they apply cleanly.
0039-VSOCK-do-not-disconnect-socket-when-peer-has-shutdow.patch was
removed as it made it into 4.4.14 already.
Compile tested only
For reference the patches were generated from:
https://github.com/rneugeba/linux-stable/tree/v4.4.14-moby
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Beginning of a proper test suite, using qemu. Test just runs docker
for now, will add further integration tests.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
We distinguish export suitability requests from bind mount suitability
requests in the transfuse control protocol. This distinction allows us to
permit both bind mounts of empty directories and export mounts onto empty
directories. Addresses docker/pinata#4213.
Signed-off-by: David Sheets <dsheets@docker.com>
This is less to do with installing modules (which we generally don't expect to
use in Moby) but to populate /lib/modules/`uname -r`/modules.builtin which
turns:
moby:~# modprobe ip_vs
modprobe: FATAL: Module ip_vs not found in directory /lib/modules/4.4.14-moby
moby:~# modprobe nf_nat
modprobe: FATAL: Module nf_nat not found in directory /lib/modules/4.4.14-moby
moby:~#
into:
moby:~# modprobe ip_vs
moby:~# modprobe nf_nat
moby:~#
which reduces the amount noise in the logs, e.g. in docker.log:
time="2016-07-04T11:21:58Z" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.4.14-moby`, error: exit status 1"
A fair number of these appear in the logs.
This also stops various tools logging about /lib/modules/`uname -r` not
existing (there was one in the boot log until recently I think)
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Avoid doing this on non-Docker-for-{Mac,Win} editions (which don't run vsudd)
by checking for vsudd.pid and avoid doing it on Docker-for-Win (for now) by
checking for /sys/bus/vmbus (as /etc/init.d/vsudd does too).
Ideally we would just check for /var/run/syslog.vsock but this may not have
arrived yet (typically vsudd is now started immediately prior to syslog and it
forks via start-stop-daemon and thus before it creates the socket). Since
syslogd will reopen as needed we don't want to delay boot either here or in the
vsudd initscript to await the arrival of the socket.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This means that with the previous patches normal vsudd logging will be logged
on the console. The exceptional case of error logging during syslog forwarding
established in the previous patch remains in place.
Prior to this the vsudd.log was actually in /run/vsudd.log and not in /var/log/
(exported to the host) as expected. Prior to c5940b3479 ("Bind the original
/var/log onto /run/log") the log was simply shadowed under the fuse mount over
/var/log.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This is mac only (for now) and will not actually do anything until syslogd is
told to forward to /var/run/syslog.vsock.
syslog uses a SOCK_DGRAM connection to /var/run/syslog.vsock, however vsock
today is SOCK_STREAM only, so we need to "packetise" the stream. Do so by
writing the datagram length as a (little-endian) uint32 before the data itself.
This is slightly modelled after rfc6587 (syslog over TCP) but simplified by
using a 4-byte binary value rather than ASCII digits.
Arrange for vsudd to start before the logger so it is ready and waiting.
Note that the code in vsyslog.go needs to be rather careful about its own
logging, in particular logging forwarding failures over syslog seems likely to
make things worse. Instead this file logs to the console when errors occur,
this will be captured by the logging of the hyperkit VM console.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Rather than hardcoding a single vsock<->docker.sock mapping allow arbitrary
incoming connection forwarding between vsocks and unix domain sockets.
The intention was to subsequently extend this further to support arbitrary
forwarding of outgoing connections too and to use that to forward the syslog
socket out to a vsock.
This turned out not to be a good plan, partly since the syslog socket needs to
be SOCK_DATAGRAM but vsocks only does SOCK_STREAM today (meaning we need some
additional framing here) and partly because handling syslog forwarding in
common code makes error logging in the common code somewhat trickier (logging
syslog errors over syslog).
So instead syslog will be handled as a special case in a following patch.
However some vestiges of the original plan remain, e.g. the inForwards name and
the net field in the forwards which could be unixgram but currently is only
supporting unix(stream).
In principal this patch could be dropped, but it adds some flexibility which
might be useful in the future.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
