Justin Cormack
3c326bebdf
Make / rshared
Previously only `/var` was `rshared` but some people need to share
mounts in `/opt` etc so let us make everything `rshared` for now.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-12 13:10:46 +01:00
Justin Cormack
0ffc2867a9
Use hierarchy for memory cgroups
Container systems expect this...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:36:06 +01:00
Justin Cormack
821fdaecc8
Remove SELinux setup until actually implemented
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:35:07 +01:00
Justin Cormack
9ee52aa966
Rework how /var is mounted
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 11:28:00 +01:00
Justin Cormack
bfa76205d5
Change propagation for root
- make / rshared
- make /containers private
- make /var its own tmpfs mountpoint, shared
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:50:04 +01:00
Justin Cormack
c40351a0a8
Make each rootfs a mountpoint by binding
Otherwise shared mounts do not work correctly with `runc`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:10:30 +01:00
Justin Cormack
eb22d6909f
system → onboot daemon → services
As suggested by @shykes these are clearer
- onboot for things that are run at boot time to completion
- services for persistent services
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 16:56:47 +01:00
Riyaz Faizullabhoy
8ba64546eb
Remount rootfs as read-only after init, /var and /containers mounted as read-write
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-06 09:30:46 -07:00
Ian Campbell
2b54e18f9f
Drop unnecessary use of start-stop-daemon with containerd.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-04-06 09:34:38 +01:00
Ian Campbell
8270bdfe33
Use exec in a couple of places to avoid needless lingering /bin/sh processes
```
$ apk -U add procps
$ ps xf
1 ? Ss 0:05 /sbin/init
357 ? Ss 0:00 /bin/sh /etc/init.d/containerd
359 ? Sl 0:00 \_ /usr/bin/containerd
360 ? Ss 0:00 /bin/sh /etc/init.d/containers
432 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/swa
466 ? Ssl 0:00 | \_ /usr/bin/swarmd --containerd-addr=/run/contai
427 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/dhc
457 ? Ss 0:00 | \_ bin/sh /usr/local/bin/start_dhcpcd.sh
474 ? S 0:00 | \_ /sbin/dhcpcd --nobackground
429 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/rng
576 ? Ss 0:00 \_ /bin/tini /usr/sbin/rngd -f
580 ? S 0:00 \_ /usr/sbin/rngd -f
```
becomes
```
$ ps xf
1 ? Ss 0:06 /sbin/init
358 ? Ss 0:00 /bin/sh /etc/init.d/containers
426 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/dhc
458 ? Ss 0:00 | \_ /sbin/dhcpcd --nobackground
431 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/swa
460 ? Ssl 0:00 | \_ /usr/bin/swarmd --containerd-addr=/run/contai
428 ? Sl 0:00 \_ /usr/bin/runc run --bundle /containers/daemon/rng
574 ? Ss 0:00 \_ /bin/tini /usr/sbin/rngd -f
578 ? S 0:00 \_ /usr/sbin/rngd -f
356 ? Ssl 0:00 /usr/bin/containerd
```
Specifically these are gone:
```
357 ? Ss 0:00 /bin/sh /etc/init.d/containerd
457 ? Ss 0:00 | \_ bin/sh /usr/local/bin/start_dhcpcd.sh
```
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-04-06 09:34:38 +01:00
Riyaz Faizullabhoy
a33b9ff4b1
dhcpcd system container
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-04 08:23:47 -07:00
Justin Cormack
905636d642
Move installable packages to pkg
Still leaves some intermediate repos in `base/`
See #1266
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-03-22 12:33:11 +00:00