Commit Graph

134 Commits

Author SHA1 Message Date
Justin Cormack
bd5780e46d Merge pull request #1565 from justincormack/var-rework-again
Rework how /var is mounted
2017-04-10 14:27:40 +01:00
Rolf Neugebauer
29ad037125 demo: Remove jq and sfdisk from etcd image
They are no longer needed as the mounting happens in the
mount container.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-10 11:41:17 +01:00
Justin Cormack
9ee52aa966 Rework how /var is mounted
Instead of mounting a new filesystem, revert to doing a `rw` bind.

However do not make `/` `rshared`, just `/var` as that is where we expect
filesystems to be mounted for persistence. Also only make the actual
container rootfs writeable, not the whole directory.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-10 11:28:00 +01:00
Justin Cormack
ce70127028 Merge pull request #1561 from riyazdf/landlock-makefile-dockerfile
Landlock: kernel build materials and example yml
2017-04-10 10:48:37 +01:00
Rolf Neugebauer
baab60ea87 demo: Update etcd to use the new mount container
Rolling updates still work

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 20:50:10 +01:00
Riyaz Faizullabhoy
3aead78f36 landlock: example yml
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:09:06 -07:00
Riyaz Faizullabhoy
b95ca1b358 landlock: gitignore for kernel build
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:08:53 -07:00
Riyaz Faizullabhoy
f89bd06edb landlock: Makefile with kernel-landlock name
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:07:10 -07:00
Riyaz Faizullabhoy
1e9495e609 landlock: Dockerfile
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-09 12:06:48 -07:00
Mickaël Salaün
296a0f4560 landlock: Backport patches from the sixth series
Backport from Linux v4.11-rc3-812-gc6bf33827b7d to Linux 4.9.20:
https://github.com/landlock-lsm/linux/commits/landlock-v6-linux-v4.9.20

Do not include documentation nor tests.

See built documentation here:
https://landlock-lsm.github.io/linux-doc/landlock-v6/security/landlock/index.html

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lkml.kernel.org/r/20170328234650.19695-1-mic@digikod.net
2017-04-09 19:45:24 +02:00
Mickaël Salaün
792238f5cb landlock: Add kernel_config{,.debug}
Based on kernel_config{,.debug} from commit
724561bf69

Enable Landlock and userland sandbox example:
* CONFIG_SECURITY_LANDLOCK=y
* CONFIG_SAMPLES=y

Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Mickaël Salaün
c6b3c62b83 landlock: Link to project
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2017-04-09 19:45:24 +02:00
Rolf Neugebauer
733e8f3307 config: Remove unused binfmt container
A few YAML files include the binfmt container, where it's not really
needed. Remove it to make the samples simpler.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-09 10:09:00 +01:00
Riyaz Faizullabhoy
9effac329a landlock: start project, add roadmap doc
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-04-08 20:05:39 -07:00
Justin Cormack
fb5d6a8fad Add an (empty) config file for containerd
It needs one now.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 21:38:31 +01:00
Rolf Neugebauer
875cb565e3 demo: Update etcd README
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
31a4156686 demo: Add formatting and mounting to etcd image
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
a3d20abdb6 demo: Add a disk to the etcd image
etcd works better with persistent storage. So configure a
disk and add the formatting container to the image.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:38:53 +01:00
Rolf Neugebauer
6407cf360b demo: Update YAML files to new init section layout
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:37:17 +01:00
Rolf Neugebauer
b5dd0315e2 demo: Make sure the infrakit 'cli' directory exists
Otherwise there is a warning on first use.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-08 20:32:25 +01:00
Justin Cormack
eb22d6909f system → onboot daemon → services
As suggested by @shykes these are clearer

- onboot for things that are run at boot time to completion
- services for persistent services

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-08 16:56:47 +01:00
Ilya Dmitrichenko
54835a1d67 Fix typo
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:31 +01:00
Ilya Dmitrichenko
12d6e38b48 Use directory: true instead of writing a dummy file
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-08 05:53:22 +01:00
Rolf Neugebauer
4520daa753 demo: Updated docs and added socat forwarding container
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
57f41c4b5a demo: Update YAML files
New init for RO filesystem, updated DHCPD

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f718d4195f demo: Add URL to modified VPNKit
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
f0961b8897 demo: Add a Dockerfile to run etcdctl against the local cluster
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
c660ca5ac4 demo: Create a cluster of 5 etcd daemons
Also tweak the shell script a little and give the local and GCP
infrakit group different names.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:03 +01:00
Rolf Neugebauer
9878cabd1e demo: Add script to start infrakit
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 15:43:02 +01:00
Justin Cormack
d9faecdee9 Make init accept a list of images not just a single one.
fix #1527

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-04-07 14:25:28 +01:00
Thomas Gazagnaire
81debfcd74 miragesdk: update README with moby build/run instructions
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:13:06 +02:00
Thomas Gazagnaire
914d27bed9 miragesdk: remove CAP_SYS_PTRACE
Since https://github.com/opencontainers/runc/pull/774 we don't need this anymore.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Thomas Gazagnaire
d289de6416 miragesdk: update to latest runc
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-07 12:10:35 +02:00
Rolf Neugebauer
93a9a827b6 demo: Update documentation
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
01e39a16ac demo: Tweak etcd start script
Try joining a new cluster initially. If that fails try to join
an existing cluster.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Rolf Neugebauer
17e4aa3e58 demo: Increase memory of etcd VMs to 1G
512MB is too small to install etcd via apk in the RAM disk.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-07 10:52:40 +01:00
Justin Cormack
f4127faec3 Merge pull request #1526 from samoht/runc-calf
miragesdk: start the calf using runc
2017-04-07 10:42:58 +01:00
Ilya Dmitrichenko
961acc4c21 Working Kubernetes master
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-07 10:09:10 +01:00
Thomas Gazagnaire
a60ac17233 miragesdk: start the calf using runc
`nested runc` unfortunately needs a lot of caps/privileges. The removal of `readonly: true` is also a bit unfortunate.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 19:39:21 +02:00
Thomas Gazagnaire
05089f9249 Merge pull request #1469 from samoht/system-handlers
mirage-sdk: add system handlers
2017-04-06 19:28:36 +02:00
Justin Cormack
0511e13bd4 Merge pull request #1523 from rneugeba/demo-cloud
Update demo files/config/docs
2017-04-06 18:10:27 +01:00
Ilya Dmitrichenko
e68e42c0fa WIP Kubernetes
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
2017-04-06 17:57:48 +01:00
Rolf Neugebauer
dca2b4d223 demo: Add files/instructions for a GCP based etcd cluster
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 17:44:19 +01:00
Rolf Neugebauer
2bd75a621d demo: Switch etcd bootstrap from discovery service to static IPs
This makes the configuration simpler but requires us to be able
to set IP addresses on instances.

This also, for simplicity, reduces the number of nodes to 3.

The script does not make assumptions about specific IP addresses,
but does assume that the nodes have IP addresses such as:
a.b.c.200, a.b.c.201, and a.b.c.202.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2017-04-06 17:22:56 +01:00
Thomas Gazagnaire
bb536803be miragesdk: use the latest dhcp-client image
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:25 +02:00
Thomas Gazagnaire
f44e2ffbcb miragesdk: cleaner errors
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:25 +02:00
Thomas Gazagnaire
fd447ee082 miragesdk: really allow configuring the DB path with the CLI
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
4437c4a23b miragesdk: add a config.json file for the calf
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
Thomas Gazagnaire
f5306b23ef miragesdk: fix the fork/exec init code and add a test
Make all the low-level init code synchronous to avoid weird blocks on `close`.
Also move the net and ctl file descriptors to the beginning of the fd space for
the calf.

The SDK also allows spawning multiple exec calves, which will all have the same
fd map:

- 0: stdin  = /dev/null
- 1: stdout = pipe to parent stdout
- 2: stderr = pipe to parent stderr
- 3: net    = socketpair to parent "net" pipe
- 4: ctl    = socketpair to parent "ctl" pipe

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00
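The fd map in the commit above (stdin from /dev/null, stdout and stderr piped to the parent, a "net" socketpair on fd 3 and a "ctl" socketpair on fd 4) is easy to get subtly wrong: a naive sequence of dup2 calls can close a descriptor that has not been installed yet, because pipe() and socketpair() hand out low numbers that collide with the target slots. The program below is an added example, written here in C and not taken from the miragesdk code base; it spawns a child with exactly that layout, parking every source descriptor at fd 5 or above before moving it into place, and then checks from the parent that each channel carried what the child wrote. The child command (a short /bin/sh script), the message strings and the function names are the example's own constructions.

```c
/* Added example (not miragesdk code): spawn a child with a fixed fd map.
 *   0: stdin  = /dev/null
 *   1: stdout = pipe to parent
 *   2: stderr = pipe to parent
 *   3: net    = socketpair to parent
 *   4: ctl    = socketpair to parent
 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CALF_FD_COUNT 5

/* Read fd until EOF into buf (NUL-terminated). Returns bytes read, -1 on error. */
static ssize_t read_all(int fd, char *buf, size_t cap) {
    size_t n = 0;
    while (n + 1 < cap) {
        ssize_t r = read(fd, buf + n, cap - n - 1);
        if (r < 0) return -1;
        if (r == 0) break;
        n += (size_t)r;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Child side: install src[i] at fd i for i in 0..4. Every source is first
 * parked at a descriptor >= 5, then all original descriptors are closed, and
 * only then are the parked copies moved down. This way a dup2 onto a low slot
 * can never clobber a source that has not been installed yet, and the later
 * close of the originals can never hit a slot that now holds a live channel. */
static void install_fd_map(const int src[CALF_FD_COUNT], const int *originals, size_t n_orig) {
    int parked[CALF_FD_COUNT];
    for (int i = 0; i < CALF_FD_COUNT; i++) {
        parked[i] = fcntl(src[i], F_DUPFD, CALF_FD_COUNT); /* lowest free fd >= 5 */
        if (parked[i] < 0) _exit(126);
    }
    for (size_t i = 0; i < n_orig; i++) close(originals[i]);
    for (int i = 0; i < CALF_FD_COUNT; i++) {
        if (dup2(parked[i], i) < 0) _exit(126); /* dup2 also clears FD_CLOEXEC on i */
        close(parked[i]);
    }
}

/* Spawn argv with the calf fd map and collect what the child wrote on each
 * channel. Returns the child's exit status, or -1 on a setup failure. */
static int spawn_calf(char *const argv[], char *out, char *err, char *net, char *ctl, size_t cap) {
    int outp[2], errp[2], netp[2], ctlp[2];
    if (pipe(outp) || pipe(errp) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, netp) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, ctlp))
        return -1;
    int devnull = open("/dev/null", O_RDONLY);
    if (devnull < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        const int src[CALF_FD_COUNT] = { devnull, outp[1], errp[1], netp[1], ctlp[1] };
        const int originals[] = { devnull, outp[0], outp[1], errp[0], errp[1],
                                  netp[0], netp[1], ctlp[0], ctlp[1] };
        install_fd_map(src, originals, sizeof originals / sizeof originals[0]);
        execv(argv[0], argv);
        _exit(127);
    }
    /* Parent keeps only its own ends, so EOF on each channel arrives when the
     * child exits and its copies are closed. */
    close(devnull); close(outp[1]); close(errp[1]); close(netp[1]); close(ctlp[1]);
    read_all(outp[0], out, cap); read_all(errp[0], err, cap);
    read_all(netp[0], net, cap); read_all(ctlp[0], ctl, cap);
    close(outp[0]); close(errp[0]); close(netp[0]); close(ctlp[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Run a shell as the calf and check each channel. Returns 0 if the fd map is
 * wired as documented, a non-zero code identifying the first mismatch otherwise. */
int demo_run(void) {
    char out[64], err[64], net[64], ctl[64];
    /* Constructed child command: `cat` returns immediately because fd 0 is
     * /dev/null (an inherited pipe or tty would block); the echos exercise 1..4. */
    char *argv[] = { "/bin/sh", "-c",
        "cat; echo out; echo err >&2; echo net >&3; echo ctl >&4", NULL };
    if (spawn_calf(argv, out, err, net, ctl, sizeof out) != 0) return 1;
    if (strcmp(out, "out\n") != 0 || strcmp(err, "err\n") != 0) return 2;
    if (strcmp(net, "net\n") != 0 || strcmp(ctl, "ctl\n") != 0) return 3;
    return 0;
}

int main(void) {
    int rc = demo_run();
    printf("calf fd map %s\n", rc == 0 ? "OK" : "BROKEN");
    return rc;
}
```

The parking step is the part worth keeping even when the layout changes: with the same five targets, a direct `dup2(netp[1], 3)` would silently close `outp[0]` if pipe() had returned 3 for it, and a later cleanup loop over the original descriptors would then close the freshly installed net channel.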
Thomas Gazagnaire
3cec2b1f5e miragesdk: refactor the SDK
Expose a non-Unix-dependent flow-like API, so it is easier to test/use in a
unikernel.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
2017-04-06 17:44:24 +02:00