Justin Cormack
a3ec9e86df
Add openntpd container
Added to Docker example as Swarm mode likes time sync.
Note uses pool.ntp.org at present, on some providers it
should use a different source.
Constraints not enabled as they seem to have an issue;
possibly trying to set before network is up.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 20:32:59 +01:00
Justin Cormack
3afe494ae9
Merge pull request #1567 from justincormack/sysfs
Add a sysfs container and fix memory hierarchy
2017-04-10 17:59:37 +01:00
Justin Cormack
46799eb2de
Merge pull request #1571 from dave-tucker/panic
Fix panic in gcp code
2017-04-10 17:37:52 +01:00
Justin Cormack
84034a0370
Merge pull request #1570 from justincormack/containerd-toml-default
Use the real default containerd toml config
2017-04-10 17:32:36 +01:00
Dave Tucker
0ece2e8227
moby: use type assertion to avoid panic in gcp code
Signed-off-by: Dave Tucker <dt@docker.com>
2017-04-10 17:29:59 +01:00
Justin Cormack
bc23fde1c2
Use the real default containerd toml config
Rather than an empty one.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 16:25:13 +01:00
Rolf Neugebauer
270e091d07
Merge pull request #1569 from rneugeba/hyperkit
Various hyperkit updates
2017-04-10 16:22:54 +01:00
Rolf Neugebauer
34af633552
infrakit: rename the Moby property to kernel+initrd
The infrakit plugin is not specific to Moby and should be able
to boot other Linux systems as long as a kernel image and
initial RAM disk are supplied. Reflect this in the property
passed to the plugin.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 16:12:08 +01:00
Rolf Neugebauer
70a27b667e
infrakit: Adjust hyperkit instance plugin to new API
The new API does not provide the option to pass in user data
anymore. Roll our own ISO instead.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 15:56:38 +01:00
Rolf Neugebauer
db244ee9fd
cli: Adjust run_hyperkit to changed API
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 15:56:20 +01:00
Rolf Neugebauer
ff8105a474
vendor: Update hyperkit go bindings
This will break compilation, until the next commit
Also update some package strings in 'vendor.conf' as the new vndr
was complaining about them not being root imports.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 15:23:37 +01:00
Justin Cormack
0ffc2867a9
Use hierarchy for memory cgroups
Container systems expect this...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:36:06 +01:00
Justin Cormack
821fdaecc8
Remove SELinux setup until actually implemented
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:35:07 +01:00
Justin Cormack
efd1efe531
Add a sysfs container
However, do not try to change memory cgroups from it; this needs to be in `init`.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 14:33:38 +01:00
Justin Cormack
bd5780e46d
Merge pull request #1565 from justincormack/var-rework-again
Rework how /var is mounted
2017-04-10 14:27:40 +01:00
Rolf Neugebauer
47402c955c
Merge pull request #1566 from rneugeba/etcd-clean
demo: Remove jq and sfdisk from etcd image
2017-04-10 11:53:35 +01:00
Rolf Neugebauer
29ad037125
demo: Remove jq and sfdisk from etcd image
They are no longer needed as the mounting happens in the
mount container.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 11:41:17 +01:00
Justin Cormack
9ee52aa966
Rework how /var is mounted
Instead of mounting a new filesystem, revert to doing a `rw` bind.
However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 11:28:00 +01:00
Justin Cormack
ce70127028
Merge pull request #1561 from riyazdf/landlock-makefile-dockerfile
Landlock: kernel build materials and example yml
2017-04-10 10:48:37 +01:00
Rolf Neugebauer
f2ec32a043
Merge pull request #1563 from rneugeba/kern-up
kernel: Update to 4.10.9/4.9.21/4.4.60
2017-04-09 23:12:49 +01:00
Rolf Neugebauer
201f89de74
kernel: Update to 4.10.9/4.9.21/4.4.60
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 22:50:18 +01:00
Justin Cormack
221dac183f
Merge pull request #1560 from DieterReuter/patch-1
Fix link to Landlock project
2017-04-09 22:12:26 +01:00
Dieter Reuter
f6c2bca4cb
Fix link to Landlock project
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
2017-04-09 20:06:04 +00:00
Justin Cormack
82d960c604
Merge pull request #1562 from rneugeba/demo-up
demo: Update etcd to use the new mount container
2017-04-09 21:00:26 +01:00
Rolf Neugebauer
baab60ea87
demo: Update etcd to use the new mount container
Rolling updates still work
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 20:50:10 +01:00
Riyaz Faizullabhoy
3aead78f36
landlock: example yml
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:09:06 -07:00
Riyaz Faizullabhoy
b95ca1b358
landlock: gitignore for kernel build
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:08:53 -07:00
Riyaz Faizullabhoy
f89bd06edb
landlock: Makefile with kernel-landlock name
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:07:10 -07:00
Riyaz Faizullabhoy
1e9495e609
landlock: Dockerfile
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:06:48 -07:00
Justin Cormack
9d1b120498
Merge pull request #1559 from l0kod/landlock-v6-linux-v4.9.20
Backport Landlock v6 for Linux v4.9.20
2017-04-09 19:31:21 +01:00
Mickaël Salaün
296a0f4560
landlock: Backport patches from the sixth series
Backport from Linux v4.11-rc3-812-gc6bf33827b7d to Linux 4.9.20:
https://github.com/landlock-lsm/linux/commits/landlock-v6-linux-v4.9.20
Do not include documentation nor tests.
See built documentation here:
https://landlock-lsm.github.io/linux-doc/landlock-v6/security/landlock/index.html
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lkml.kernel.org/r/20170328234650.19695-1-mic@digikod.net
2017-04-09 19:45:24 +02:00
Mickaël Salaün
792238f5cb
landlock: Add kernel_config{,.debug}
Based on kernel_config{,.debug} from commit
724561bf69
Enable Landlock and userland sandbox example:
* CONFIG_SECURITY_LANDLOCK=y
* CONFIG_SAMPLES=y
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Mickaël Salaün
c6b3c62b83
landlock: Link to project
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Justin Cormack
60f84fb917
Merge pull request #1558 from justincormack/report-9-april
Add weekly report for 9 April 2017
2017-04-09 17:38:12 +01:00
Justin Cormack
6476ed0441
Add weekly report for 9 April 2017
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 17:00:40 +01:00
Justin Cormack
74b720a42a
Merge pull request #1557 from justincormack/mount-take-2
Make mount a standalone package, fix mount propagation
2017-04-09 16:02:24 +01:00
Justin Cormack
961c98e33e
Merge pull request #1521 from thebsdbox/qemu
CLI: Added qemu backend
2017-04-09 13:56:09 +01:00
Justin Cormack
f079f7a7cd
Update to new init container with mount changes
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:52:45 +01:00
Justin Cormack
b2a3215e5f
Update Docker image to use mount image not do mount itself
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:50:04 +01:00
Justin Cormack
bfa76205d5
Change propagation for root
- make / rshared
- make /containers private
- make /var its own tmpfs mountpoint, shared
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 13:50:04 +01:00
thebsdbox
01aa2abdd4
CLI: Added qemu backend
Signed-off-by: Dan Finneran <daniel.finneran@gmail.com>
2017-04-09 13:49:00 +01:00
Justin Cormack
3ffa912c41
Move mount back to its own package, not inside docker
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-09 12:53:46 +01:00
Rolf Neugebauer
48cb54d378
Merge pull request #1555 from rneugeba/nobinfmt
config: Remove unused binfmt container
2017-04-09 10:26:59 +01:00
Rolf Neugebauer
733e8f3307
config: Remove unused binfmt container
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 10:09:00 +01:00
Justin Cormack
f45e7c898f
Merge pull request #1552 from riyazdf/trust-yaml-docs
Content Trust yaml docs and code improvements
2017-04-09 09:53:55 +01:00
Justin Cormack
df22e868c3
Merge pull request #1554 from riyazdf/landlock-project
landlock: start project, add roadmap doc
2017-04-09 09:52:53 +01:00
Justin Cormack
e0aced6be0
Merge pull request #1550 from justincormack/rootfs-mountpoint
Make each rootfs a mountpoint by binding
2017-04-09 09:52:23 +01:00
Riyaz Faizullabhoy
9effac329a
landlock: start project, add roadmap doc
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 20:05:39 -07:00
Riyaz Faizullabhoy
b1475d33bc
trust: add yaml docs
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 17:25:33 -07:00
Riyaz Faizullabhoy
7f79de1b6f
trust: clean up logic for digests and orgs
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 17:25:18 -07:00