Justin Cormack
822e4df468
Add Yama LSM
Default config is restricted ptrace: processes can only ptrace
related processes, such as child processes, rather than any process
with the same uid.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-14 17:04:36 -08:00
Justin Cormack
7d7c52a55e
Merge pull request #831 from justincormack/split-containers
Split the initrd into base and containers
2016-12-02 10:19:03 -08:00
Justin Cormack
960f52d18c
Split the initrd into base and containers
In future this will allow easier customisation of the containers
for each edition.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 18:13:45 +00:00
Justin Cormack
c6163f7ffd
Merge pull request #762 from simonferquel/vsudd_dontretry_on_dockerd
[vsudd] Don't retry when dockerd is not running
2016-12-02 08:23:23 -08:00
Justin Cormack
ab522f6106
Merge pull request #830 from justincormack/initrd-align-4
Align compressed initrd to 4 bytes
2016-12-02 08:14:36 -08:00
Justin Cormack
72d4d5aefc
Align compressed initrd to 4 bytes
Allows appending another initrd.
Also build initrd on tmpfs as it should be a bit faster now we have to do
another copy.
Fix #618
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 16:05:49 +00:00
Justin Cormack
06cf2b5d12
Merge pull request #829 from justincormack/linuxup
Update to Linux 4.8.12
2016-12-02 06:52:22 -08:00
Justin Cormack
9916e7510d
Merge pull request #828 from justincormack/azure-quoting
Missing quote in azure init script
2016-12-02 06:12:54 -08:00
Justin Cormack
f870b6641b
Update to Linux 4.8.12
- security update
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:12:06 +00:00
Justin Cormack
43c531f8f6
Merge pull request #827 from justincormack/container-rngd
Run rngd inside a system container
2016-12-02 06:07:46 -08:00
Justin Cormack
6e10fa9399
Missing quote in azure init script
Fix #826
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:03:21 +00:00
Justin Cormack
933372e45a
Run rngd inside a system container
- this needs an init as it does not respond to stop signals, so include tini
- needs CAP_SYS_ADMIN to write to kernel entropy estimate
- set kernel.random.write_wakeup_threshold so that rngd does not need sysctl write access
- build patches from Alpine, but statically linked
- remove rngd from base image, means we no longer need community repository
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 14:00:12 +00:00
Justin Cormack
842527996c
Merge pull request #825 from justincormack/go-up
Update to Go 1.7.4
2016-12-02 01:59:39 -08:00
Justin Cormack
1ecdeeed44
Update to Go 1.7.4
Security update.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-02 09:51:36 +00:00
Justin Cormack
5608dfbf5d
Merge pull request #819 from riyazdf/lynis-sysctl-changes
Add sysctl changes as suggested by lynis
2016-12-02 01:30:55 -08:00
Justin Cormack
07b1806061
Merge pull request #824 from riyazdf/bump-waalinux-opensslconfig
Bump windows azure linux agent to include openssl config swapping logic
2016-12-02 01:29:06 -08:00
Riyaz Faizullabhoy
aa4e996d16
Bump windows azure linux agent to include openssl config swapping logic
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 19:15:50 -08:00
Riyaz Faizullabhoy
0eefa15623
Add sysctl changes as suggested by lynis
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 15:41:57 -08:00
Justin Cormack
cb486e5cc5
Merge pull request #820 from riyazdf/digests-and-trust
Use digests for external images and scripts where possible
2016-12-01 12:57:32 -08:00
Justin Cormack
c004fb5efa
Merge pull request #822 from riyazdf/dct-in-pull
Use DCT in library/docker run command
2016-12-01 10:34:33 -08:00
Riyaz Faizullabhoy
4011d4842a
Use digests instead of tags where possible
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:39:02 -08:00
Riyaz Faizullabhoy
4068e792fd
Use DCT in library run command
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:27:01 -08:00
Justin Cormack
6b47f7ef6d
Merge pull request #821 from justincormack/binfmt-cleanup
Makefile cleanup for binfmt
2016-12-01 07:30:09 -08:00
Justin Cormack
19e3dd4c60
Makefile cleanup for binfmt
Remove duplication and simplify.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-01 15:23:03 +00:00
Nathan LeClaire
b5ea59e122
Merge pull request #788 from justincormack/small-ami
Use a 1G AMI
2016-11-30 16:22:41 -08:00
Justin Cormack
b0fdca348b
Merge pull request #817 from justincormack/content-trust
Use DOCKER_CONTENT_TRUST=1 when pulling library images
2016-11-30 05:40:56 -08:00
Justin Cormack
ae885bd714
Use DOCKER_CONTENT_TRUST=1 when pulling library images
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 13:35:38 +00:00
Justin Cormack
078f8be56c
Merge pull request #815 from justincormack/binfmt-container
Containerize binfmt_misc
2016-11-30 05:33:38 -08:00
Justin Cormack
8d3691fabb
Containerize binfmt_misc
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix #53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 12:49:37 +00:00
Simon Ferquel
641669cafb
Redirect vsudd stdout/stderr to console
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Simon Ferquel
a12a833b20
[vsudd] Don't retry when dockerd is not running
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Justin Cormack
1f2f77f1e9
Merge pull request #811 from justincormack/noswap
Disable rc swap script
2016-11-29 07:47:00 -08:00
Justin Cormack
e131ad013e
Merge pull request #808 from FrenchBen/fix-azure
Fixed Azure go utils
2016-11-29 07:46:41 -08:00
Justin Cormack
018be45ec8
Merge pull request #809 from justincormack/shell-exec
Use shell to execute userdata
2016-11-29 07:43:14 -08:00
Justin Cormack
2f0211b1e8
Disable rc swap script
We now do our own swap management in automount.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-29 15:31:12 +00:00
Justin Cormack
e7ea0fbd37
Use shell to execute userdata
/tmp is mounted `noexec`, just use the shell to execute the userdata.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-29 15:19:09 +00:00
French Ben
db1fe34243
Fixed Azure go utils
Signed-off-by: French Ben <frenchben@docker.com>
2016-11-29 07:13:24 -08:00
Justin Cormack
d523b95b1f
Merge pull request #806 from riyazdf/disable-kernel-modules
Disable kernel modules for cloud editions from moby
2016-11-28 16:07:03 -08:00
Riyaz Faizullabhoy
c492c01c82
Disable kernel modules for cloud editions from moby by checking in
a modified sysctl init with a cloud config
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-28 15:40:02 -08:00
Justin Cormack
ac484232f7
Merge pull request #799 from justincormack/kernelup
Update to Linux 4.8.11
2016-11-28 09:15:54 -08:00
Justin Cormack
228acc91f5
Merge pull request #802 from justincormack/var-dirs-extra
Fix directories under /var after formatting
2016-11-28 08:19:00 -08:00
Justin Cormack
8a5d7ecadf
Fix directories under /var after formatting
- /var/lock test
- add /var/cache subdirectories
- move old boot2docker directories
fix #801
fix #792
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 16:12:51 +00:00
Justin Cormack
b9acf524f9
Update to Linux 4.8.11
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 15:00:20 +00:00
Justin Cormack
8146c2ae72
Merge pull request #798 from justincormack/binfmt-upstream
Use the upstream binfmt script not our custom one
2016-11-28 06:01:00 -08:00
Justin Cormack
9dd0b21f61
Use the upstream binfmt script not our custom one
This makes the binfmt package much simpler, just a config file.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 13:53:14 +00:00
Justin Cormack
34d5b8a939
Merge pull request #797 from justincormack/binfmt-nomount
Use the procfs script to mount binfmt
2016-11-28 05:27:00 -08:00
Justin Cormack
0a4b71edbe
Use the procfs script to mount binfmt
This means our script does not need to do mount.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 12:17:23 +00:00
Justin Cormack
77a8378e62
Merge pull request #796 from justincormack/toybox-fix
Fix build failure in toybox build with one argument
2016-11-28 04:07:08 -08:00
Justin Cormack
33888458e5
Fix build failure in toybox build with one argument
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 11:59:09 +00:00
Justin Cormack
60beadb13f
Merge pull request #795 from djs55/fix-resize
Fix filesystem resize by calling `e2fsck -f` first
2016-11-28 03:42:15 -08:00