If the LogicalID passed in is an IP address, turn this into
a UUID and pass it to HyperKit. This will cause VPNKit to
assign the IP address to the VM.
Note: This currently requires a custom version of VPNKit.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
`nested runc` unfortunately needs a lot of caps/privileged. The removal of `readonly: true` is also a bit unfortunate.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
- one was old, for installing in d4m, and is no longer relevant
- the other is replaced by `docker run hyperkit`
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This makes the configuration simpler but requires us to be able
to set IP addresses on instances.
This also, for simplicity, reduces the number of nodes to 3.
The script does not make assumptions about specific IP addresses,
but does assume that the nodes have IP addresses such as:
a.b.c.200, a.b.c.201, and a.b.c.202.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Make all the low-level init code synchronous to avoid weird blocks on `close`.
Also move the net and ctl file descriptors to the beginning of the fd space for
the calf.
The SDK also allows spawning multiple exec calves, which will all have the same
fd map:
- 0: stdin = /dev/null
- 1: stdout = pipe to parent stdout
- 2: stderr = pipe to parent stderr
- 3: net = socketpair to parent "net" pipe
- 4: ctl = socketpair to parent "ctl" pipe
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
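The fd map listed in the commit message above, as an added example in C (not the SDK's own code): it places five endpoints at descriptors 0 to 4 in a forked child even when a source descriptor already sits inside that range. The names `apply_fd_map` and `check_calf_fd_map` are hypothetical, and the pipes and socketpairs are constructed for the demonstration.

```c
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { FD_STDIN, FD_STDOUT, FD_STDERR, FD_NET, FD_CTL, CALF_NFDS };
/* Child side (hypothetical helper): install src[i] as descriptor i. */
static int apply_fd_map(const int src[CALF_NFDS])
{
    int tmp[CALF_NFDS];
    /* Park sources above 4 first: dup2() into 0..4 must not hit an unplaced one. */
    for (int i = 0; i < CALF_NFDS; i++)
        if ((tmp[i] = fcntl(src[i], F_DUPFD, CALF_NFDS)) < 0) return -1;
    for (int i = 0; i < CALF_NFDS; i++) {
        if (dup2(tmp[i], i) < 0) return -1;
        close(tmp[i]);
        if (src[i] >= CALF_NFDS) close(src[i]);
    }
    return 0;
}

/* Constructed demo: 0 if each tag byte reaches the matching parent end. */
int check_calf_fd_map(void)
{
    int ctl[2], net[2], out[2], err[2], null, status, ok = 1;
    char c;
    /* ctl is created first so its child end gets a low number, the overlap
     * with 0..4 that a naive in-order dup2() would corrupt. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, ctl) || pipe(out) || pipe(err) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, net) ||
        (null = open("/dev/null", O_RDONLY)) < 0) return -1;
    const int src[CALF_NFDS] = { null, out[1], err[1], net[0], ctl[0] };
    const int parent_end[] = { out[0], err[0], net[1], ctl[1] };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: apply the map, then tag fds 1..4 */
        if (apply_fd_map(src) || read(FD_STDIN, &c, 1) != 0) _exit(1);
        for (c = '1'; c <= '4'; c++)
            if (write(c - '0', &c, 1) != 1) _exit(1);
        _exit(0);
    }
    for (int i = 0; i < CALF_NFDS; i++) close(src[i]);
    for (int i = 0; i < 4; i++) {
        ok &= read(parent_end[i], &c, 1) == 1 && c == '1' + i;
        close(parent_end[i]);
    }
    waitpid(pid, &status, 0);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}
int main(void) { return check_calf_fd_map() ? 1 : 0; }
```

The child in this demo still inherits the parent's ends of the pipes and sockets above descriptor 4; a launcher that goes on to exec would open those with close-on-exec set so that only 0 to 4 survive.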
This forces us to bind mount /lib but will be replaced by calling the proper
bindings later on.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
It is not necessary to bring up `eth0`, the program does it fine.
This means we can remove the shell script and clean up the build.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Previously, the cmdline file was never sent in the build context which
caused the script to pick the default options.
Also, when multiple options are specified (not the default) the right
escaping needs to be used.
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
- masked paths
- readonly paths
- allow attaching to existing namespaces, e.g. if bind mounted by a system container
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This works and runs containers now, if you e.g. `runc exec` into it.
Needs a few tweaks for rlimits, but will pull and run containers.
Will integrate better with ssh/dev containers to make more usable.
For a simple test use
```
./bin/moby build examples/docker.yml
./bin/moby run hyperkit -disk-size 100 docker
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is based on the code we used for Docker Editions, and
will format an external drive, to be used for example for
`/var` for Docker image persistence.
It does not `mount` the drive yet, as splitting format and mount
gives better modularity.
Example yaml fragment:
```
  - name: format
    image: "mobylinux/format:097d4f22b20f976b1f89d8f0b8a5d074d35b856c"
    binds:
     - /dev:/dev
    capabilities:
     - CAP_SYS_ADMIN
     - CAP_MKNOD
```
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Pass version and git commit hash from the Makefile
into main.go. Add a 'version' subcommand to print
the information.
While at it also tweak the help output to only print the
command name and not the entire path.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>