Riyaz Faizullabhoy
0eefa15623
Add sysctl changes as suggested by lynis
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 15:41:57 -08:00
Justin Cormack
cb486e5cc5
Merge pull request #820 from riyazdf/digests-and-trust
...
Use digests for external images and scripts where possible
2016-12-01 12:57:32 -08:00
Justin Cormack
c004fb5efa
Merge pull request #822 from riyazdf/dct-in-pull
...
Use DCT in library/docker run command
2016-12-01 10:34:33 -08:00
Riyaz Faizullabhoy
4011d4842a
Use digests instead of tags where possible
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:39:02 -08:00
Riyaz Faizullabhoy
4068e792fd
Use DCT in library run command
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-12-01 09:27:01 -08:00
Justin Cormack
19e3dd4c60
Makefile cleanup for binfmt
...
Remove duplication and simplify.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-12-01 15:23:03 +00:00
Nathan LeClaire
b5ea59e122
Merge pull request #788 from justincormack/small-ami
...
Use a 1G AMI
2016-11-30 16:22:41 -08:00
Justin Cormack
ae885bd714
Use DOCKER_CONTENT_TRUST=1 when pulling library images
...
When building the base images always test signatures.
This will be the default at some point.
Add a test that content trust is working.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 13:35:38 +00:00
Justin Cormack
8d3691fabb
Containerize binfmt_misc
...
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8
fix #53
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-30 12:49:37 +00:00
Simon Ferquel
641669cafb
Redirect vsudd stdout/stderr to console
...
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Simon Ferquel
a12a833b20
[vsudd] Don't retry when dockerd is not running
...
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2016-11-30 10:31:11 +01:00
Justin Cormack
1f2f77f1e9
Merge pull request #811 from justincormack/noswap
...
Disable rc swap script
2016-11-29 07:47:00 -08:00
Justin Cormack
e131ad013e
Merge pull request #808 from FrenchBen/fix-azure
...
Fixed Azure go utils
2016-11-29 07:46:41 -08:00
Justin Cormack
018be45ec8
Merge pull request #809 from justincormack/shell-exec
...
Use shell to execute userdata
2016-11-29 07:43:14 -08:00
Justin Cormack
2f0211b1e8
Disable rc swap script
...
We now do our own swap management in automount.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-29 15:31:12 +00:00
Justin Cormack
e7ea0fbd37
Use shell to execute userdata
...
/tmp is mounted `noexec`, just use the shell to execute the userdata.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-29 15:19:09 +00:00
French Ben
db1fe34243
Fixed Azure go utils
...
Signed-off-by: French Ben <frenchben@docker.com>
2016-11-29 07:13:24 -08:00
Justin Cormack
d523b95b1f
Merge pull request #806 from riyazdf/disable-kernel-modules
...
Disable kernel modules for cloud editions from moby
2016-11-28 16:07:03 -08:00
Riyaz Faizullabhoy
c492c01c82
Disable kernel modules for cloud editions from moby by checking in
...
a modified sysctl init with a cloud config
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-28 15:40:02 -08:00
Justin Cormack
ac484232f7
Merge pull request #799 from justincormack/kernelup
...
Update to Linux 4.8.11
2016-11-28 09:15:54 -08:00
Justin Cormack
8a5d7ecadf
Fix directories under /var after formatting
...
- /var/lock test
- add /var/cache subdirectories
- move old boot2docker directories
fix #801
fix #792
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 16:12:51 +00:00
Justin Cormack
b9acf524f9
Update to Linux 4.8.11
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 15:00:20 +00:00
Justin Cormack
9dd0b21f61
Use the upstream binfmt script not our custom one
...
This makes the binfmt package much simpler, just a config file.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 13:53:14 +00:00
Justin Cormack
0a4b71edbe
Use the procfs script to mount binfmt
...
This means our script does not need to do mount.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 12:17:23 +00:00
Justin Cormack
77a8378e62
Merge pull request #796 from justincormack/toybox-fix
...
Fix build failure in toybox build with one argument
2016-11-28 04:07:08 -08:00
Justin Cormack
33888458e5
Fix build failure in toybox build with one argument
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-28 11:59:09 +00:00
David Scott
79f8a87569
Fix filesystem resize by calling e2fsck -f first
...
Previously when the block device was resized the partition table was also
resized but the filesystem was not. For an increase from 64GiB to 128GiB
the console showed:
* Configuring host block device .../dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks
Resizing disk partition: Unpartitioned space /dev/vda: 64 GiB, 68719476736 bytes, 134217728 sectors
resize2fs 1.43.3 (04-Sep-2016)
Please run 'e2fsck -f /dev/vda1' first.
/dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks
This patch makes `resize2fs` happy by running `e2fsck -f` beforehand as
requested.
Signed-off-by: David Scott <dave.scott@docker.com>
2016-11-28 11:32:12 +00:00
Justin Cormack
be56c8e68a
Re-add strace
...
Trying to debug apk issues.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-25 17:26:34 +00:00
Justin Cormack
94f73c7664
Merge pull request #793 from justincormack/tmp-tmpfs
...
Add a tmpfs at /tmp
2016-11-25 09:11:21 -08:00
Justin Cormack
46adfec8a7
Add a tmpfs at /tmp
...
This makes sure that once we have ro rootfs any programs that still
for any reason use `/tmp` can still write to it, or if people expect
sharing it into a container to work.
fix #778
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-25 17:05:45 +00:00
Justin Cormack
35c0bfe529
Make sure we do apk upgrade -a
...
Also base off 3.4 for consistency.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 21:07:00 +00:00
Justin Cormack
0daeb4cfc9
Use a 1G AMI
...
Now we do dynamic resize, choose the smallest AMI size, 1G rather
than the old 20G AMI.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 13:51:53 +00:00
Justin Cormack
997550c1a2
Remove last references to EXPERIMENTAL
...
Only support 1.13 now, experimental is a runtime flag.
see #647
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 13:37:07 +00:00
Justin Cormack
55b2652bfa
Merge pull request #786 from justincormack/git-commit
...
Add Moby git commit to image
2016-11-24 05:14:46 -08:00
Justin Cormack
99a8a959b7
Add Moby git commit to image
...
Fix #345
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 13:09:58 +00:00
Justin Cormack
28baa22239
Use daemon version in diagnostics
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 12:23:27 +00:00
Justin Cormack
a984ddba27
Update Alpine 3.5 base image
...
- openrc updates
- SSL certs package no longer depends on openssl tool in libressl package.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-24 12:08:13 +00:00
Justin Cormack
32253f83da
Update to Docker 1.13.0-rc2
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-23 21:40:23 +00:00
Justin Cormack
8385b4ece3
Merge pull request #779 from justincormack/noexec-run
...
Make /run nosuid,noexec
2016-11-23 06:42:55 -08:00
Justin Cormack
545b12ee7d
Explicitly use slirp-proxy in iptables
...
So as to allow a read only root filesystem, we use the proxy
path config option to override the Docker proxy for 1.13.
This means that the iptables override needs to call this binary
not the original docker-proxy binary to allow port forwarding.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-23 13:48:27 +00:00
Justin Cormack
80c9cee485
Make /run nosuid,noexec
...
This was not sufficiently locked down.
Fix #720
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-23 12:08:53 +00:00
Justin Cormack
f2b8beb0ee
Merge pull request #777 from justincormack/win-trim
...
Run TRIM on Windows every 15m
2016-11-23 03:37:33 -08:00
Justin Cormack
41f4841399
Run TRIM on Windows every 15m
...
As the Windows virtual device supports TRIM we can run this to free
up disk space frequently. Not recommended to run on physical devices
this often.
See https://github.com/docker/pinata/issues/5298
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-23 11:30:35 +00:00
Justin Cormack
a95ada36a2
Do not create swap file if the disk is small
...
- on very small disks, e.g. CI, do not create a swap file.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-23 11:25:19 +00:00
Justin Cormack
cd5b2a8f98
Resize device if there is free space
...
If the block device has unused free space, extend the filesystem on it.
Fix #120
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-22 21:59:53 +00:00
Justin Cormack
841bbf2d17
Merge pull request #774 from nathanleclaire/azure_init_beta12
...
Azure init beta12
2016-11-21 23:54:17 +00:00
Nathan LeClaire
b51d28e734
Include version and daemon.json in Azure init script
...
Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
2016-11-21 15:43:19 -08:00
Justin Cormack
3f2eb7630e
fix typo making swap file
...
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-21 23:02:44 +00:00
Justin Cormack
8e23494bed
Merge pull request #770 from rneugeba/kernel-fix
...
kernel: update/fix patches for 4.8.10
2016-11-21 22:06:27 +00:00
Justin Cormack
20f6db11b3
Remove ssh server packages
...
These will be containerised, and were disabled anyway.
Need client, as git needs it, and docker needs git.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-11-21 21:47:10 +00:00