moby--moby

22784 commits 10 branches 356 tags 299 MiB

Author	SHA1	Message	Date
Dan Walsh	ba38d58659	Make mqueue container specific mqueue can not be mounted on the host os and then shared into the container. There is only one mqueue per mount namespace, so current code ends up leaking the /dev/mqueue from the host into ALL containers. Since SELinux changes the label of the mqueue, only the last container is able to use the mqueue, all other containers will get a permission denied. If you don't have SELinux protections sharing of the /dev/mqueue allows one container to interact in potentially hostile ways with other containers. Signed-off-by: Dan Walsh <dwalsh@redhat.com>	2016-02-05 16:50:35 +01:00
Alexander Morozov	c1cd45d547	Choose default-cgroup parent by cgroup driver It's "/docker" for cgroupfs and "system.slice" for systemd. Fix #19140 Signed-off-by: Alexander Morozov <lk4d4@docker.com>	2016-01-07 08:56:26 -08:00
Srini Brahmaroutu	9982631707	update runc to the latest code base to fix gccgo build Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>	2016-01-06 00:02:56 +00:00
Jess Frazelle	ff69b23dc0	Merge pull request #18395 from LK4D4/default_cgroup_is_not_daemon Use /docker as cgroup parent instead of docker	2015-12-17 13:59:00 -08:00
Mrunal Patel	e8f7d5885d	Update runc/libcontainer to v0.0.6 Signed-off-by: Mrunal Patel <mrunalp@gmail.com>	2015-12-11 15:24:32 -05:00
Alexander Morozov	4b55765c11	Use /docker as cgroup parent instead of docker It means that containers will be created under root cgroup and not under daemon cgroup. Signed-off-by: Alexander Morozov <lk4d4@docker.com>	2015-12-03 08:42:45 -08:00
John Howard	be2f53ece8	Windows: Fix native exec template Signed-off-by: John Howard <jhoward@microsoft.com>	2015-10-31 11:39:19 -07:00

Renamed from daemon/execdriver/native/template/default_template.go (Browse further)

7 commits