github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-01-19 16:44:25 +00:00
Code Issues Projects Releases Wiki Activity
1,631 Commits 1 Branch 31 Tags
fdffacd8099d7eb5e6439fe4ade0527f7c7f208a
Commit Graph

1162 Commits

Author SHA1 Message Date
Riyaz Faizullabhoy
fdffacd809 Add sysctl changes as suggested by lynis 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-12-01 15:41:57 -08:00
Justin Cormack
ea4809a647 Use DOCKER_CONTENT_TRUST=1 when pulling library images 
When building the base images always test signatures.

This will be the default at some point.

Add a test that content trust is working.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-30 13:35:38 +00:00
Justin Cormack
3e6301f501 Containerize binfmt_misc 
- statically make containerd symlinks so rootfs can be read only
- run binfmt_misc in a containerd container
- ship arm, aarch64, ppc64le qemu static versions that always "just work" as this is supported in Linux 4.8

fix #53

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-30 12:49:37 +00:00
Justin Cormack
67527099ec Merge pull request #811 from justincormack/noswap 
Disable rc swap script
 2016-11-29 07:47:00 -08:00
Justin Cormack
b011c62704 Merge pull request #808 from FrenchBen/fix-azure 
Fixed Azure go utils
 2016-11-29 07:46:41 -08:00
Justin Cormack
fc1340c2cf Merge pull request #809 from justincormack/shell-exec 
Use shell to execute userdata
 2016-11-29 07:43:14 -08:00
Justin Cormack
c741ae116b Disable rc swap script 
We now do our own swap management in automount.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-29 15:31:12 +00:00
Justin Cormack
71c4b1a07c Use shell to execute userdata 
/tmp is mounted `noexec`, just use the shell to execute the userdata.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-29 15:19:09 +00:00
French Ben
86cfaa9393 Fixed Azure go utils 
Signed-off-by: French Ben <frenchben@docker.com>
 2016-11-29 07:13:24 -08:00
Justin Cormack
1265e910ff Merge pull request #806 from riyazdf/disable-kernel-modules 
Disable kernel modules for cloud editions from moby
 2016-11-28 16:07:03 -08:00
Riyaz Faizullabhoy
0a265fa521 Disable kernel modules for cloud editions from moby by checking in 
a modified sysctl init with a cloud config

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-11-28 15:40:02 -08:00
Justin Cormack
1f422952e1 Merge pull request #799 from justincormack/kernelup 
Update to Linux 4.8.11
 2016-11-28 09:15:54 -08:00
Justin Cormack
a10937be11 Fix directories under /var after formatting 
- /var/lock test
- add /var/cache subdirectories
- move old boot2docker directories

fix #801
fix #792

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 16:12:51 +00:00
Justin Cormack
12322d362c Update to Linux 4.8.11 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 15:00:20 +00:00
Justin Cormack
abef0edf38 Use the upstream binfmt script not out custom one 
This makes the binfmt package much simpler, just a config file.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 13:53:14 +00:00
Justin Cormack
44832cec1b Use the procfs script to mount binfmt 
This means our script does not need to do mount.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 12:17:23 +00:00
Justin Cormack
c92d7b2af0 Merge pull request #796 from justincormack/toybox-fix 
Fix build failure in toybox build with one argument
 2016-11-28 04:07:08 -08:00
Justin Cormack
e29f00b35f Fix build failure in toybox build with one argument 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-28 11:59:09 +00:00
David Scott
3726abb3d1 Fix filesystem resize by calling e2fsck -f first 
Previously when the block device was resized the partition table was also
resized but the filesystem was not. For an increase from 64GiB to 128GiB
the console showed:

     * Configuring host block device .../dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks
    Resizing disk partition: Unpartitioned space /dev/vda: 64 GiB, 68719476736 bytes, 134217728 sectors
    resize2fs 1.43.3 (04-Sep-2016)
    Please run 'e2fsck -f /dev/vda1' first.

    /dev/vda1: clean, 62/4194304 files, 604445/16776960 blocks

This patch makes `resize2fs` happy by running `e2fsck -f` beforehand as
requested.

Signed-off-by: David Scott <dave.scott@docker.com>
 2016-11-28 11:32:12 +00:00
Justin Cormack
c860e6e961 Re-add strace 
Trying to debug apk issues.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-25 17:26:34 +00:00
Justin Cormack
38183b2f76 Merge pull request #793 from justincormack/tmp-tmpfs 
Add a tmpfs at /tmp
 2016-11-25 09:11:21 -08:00
Justin Cormack
1f87461538 Add a tmpfs at /tmp 
This makes sure that once we have ro rootfs any programs that still
for any reason use `/tmp` can still write to it, or if people expect
sharing it into a container to work.

fix #778

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-25 17:05:45 +00:00
Justin Cormack
8f375ddd48 Make sure we do apk upgrade -a 
Also base off 3.4 for consistency.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 21:07:00 +00:00
Justin Cormack
8ccb1bfdb3 Remove last references to EXPERIMENTAL 
Only support 1.13 now, experimental is a runtime flag.

see #647

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 13:37:07 +00:00
Justin Cormack
d685d8b029 Merge pull request #786 from justincormack/git-commit 
Add Moby git commit to image
 2016-11-24 05:14:46 -08:00
Justin Cormack
be12f5888f Add Moby git commit to image 
Fix #345

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 13:09:58 +00:00
Justin Cormack
65d627b938 Use daemon version in diagnostics 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 12:23:27 +00:00
Justin Cormack
c2ea4a2381 Update Alpine 3.5 base image 
- openrc updates
- SSL certs package no longer depends on openssl tool in libressl package.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-24 12:08:13 +00:00
Justin Cormack
8d7957951c Update to Docker 1.13.0-rc2 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-23 21:40:23 +00:00
Justin Cormack
e65098fff2 Merge pull request #779 from justincormack/noexec-run 
Make /run nosuid,noexec
 2016-11-23 06:42:55 -08:00
Justin Cormack
bd25c68032 Explicitly use slirp-proxy in iptables 
So as to allow a read only root filesystem, we use the proxy
path config option to override the Docker proxy for 1.13.

This means that the iptables override needs to call this binary
not the original docker-proxy binary to allow port forwarding.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-23 13:48:27 +00:00
Justin Cormack
de7bc5103d Make /run nosuid,noexec 
This was not sufficiently locked down.

Fix #720

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-23 12:08:53 +00:00
Justin Cormack
6ee9eeb284 Merge pull request #777 from justincormack/win-trim 
Run TRIM on Windows every 15m
 2016-11-23 03:37:33 -08:00
Justin Cormack
3dc7419954 Run TRIM on Windows every 15m 
As the Windows virtual device supports TRIM we can run this to free
up disk space frequently. Not recommended to run on physical devices
this often.

See https://github.com/docker/pinata/issues/5298

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-23 11:30:35 +00:00
Justin Cormack
4619368531 Do not create swap file if the disk is small 
- on very small disks, eg CI, do not create a swap file.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-23 11:25:19 +00:00
Justin Cormack
605c34be64 Resize device if there is free space 
If the block device has unused free space, extend the filesystem on it.

Fix #120

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-22 21:59:53 +00:00
Justin Cormack
c686b47a99 Merge pull request #774 from nathanleclaire/azure_init_beta12 
Azure init beta12
 2016-11-21 23:54:17 +00:00
Nathan LeClaire
7fb43cb289 Include version and daemon.json in Azure init script 
Signed-off-by: Nathan LeClaire <nathan.leclaire@gmail.com>
 2016-11-21 15:43:19 -08:00
Justin Cormack
3204fafc54 fix typo making swap file 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 23:02:44 +00:00
Justin Cormack
a4212b2cbf Merge pull request #770 from rneugeba/kernel-fix 
kernel: update/fix patches for 4.8.10
 2016-11-21 22:06:27 +00:00
Justin Cormack
30f14dd622 Remove ssh server packages 
These will be containerised, and were disabled anyway.

Need client, as git needs it, and docker needs git.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 21:47:10 +00:00
Rolf Neugebauer
df67417538 kernel: update/fix patches for 4.8.10 
In particular 8e0e003b50
seem to have remove the net/Kconfig changes

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2016-11-21 21:37:05 +00:00
Justin Cormack
d1a1d7846b Update Docker init script for 1.13 
- never update root filesystem see #583
- remove tests for earlier docker versions
- only use iptables override on desktop

fix #753

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 21:15:24 +00:00
Justin Cormack
35fdd3268a Update base image to Alpine 3.5-rc2 
- switch to libressl
- hvtools in main

Note the build images are not switched over yet

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 20:30:33 +00:00
Justin Cormack
36c25e442d Remove Alpine packages just used for debugging and build 
- make, GNU tar only used for self hosting
- strace, ipvsadmin, openssl just for debug

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 20:15:37 +00:00
Justin Cormack
94d6bbfa83 Merge pull request #764 from justincormack/extend 
Simplify file system format code
 2016-11-21 19:53:43 +00:00
Justin Cormack
db3cbe2eb2 Simplify file system format code 
- use our own code rather than Alpine setup-disk
- remove alpine setup code as not needed
- do not create swap partitions
- create swap file on desktop editions for now (may remove)

Fix #619

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 18:35:13 +00:00
Justin Cormack
c19e17284d Merge pull request #702 from justincormack/syslog 
Syslog support for docker logs
 2016-11-21 17:47:31 +00:00
Justin Cormack
994eeadb1c Merge pull request #761 from ijc25/kernel-patch-whitespace 
Fixup kernel patch whitepace
 2016-11-21 15:20:57 +00:00
Justin Cormack
a08e06bc44 Upgrade Linux to 4.8.10 
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2016-11-21 15:03:48 +00:00