1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

19 commits

Author SHA1 Message Date
cyli
3ef31215f4 Revert "Merge pull request #21003 from riyazdf/hardware-signing-ga"
This reverts commit e6d3a9849c, reversing
changes made to d3afe34b51.

Signed-off-by: cyli <cyli@twistedmatrix.com>
(cherry picked from commit dd33d18045)
2016-03-25 13:43:08 -04:00
Ken Cochrane
48ce060e8c Packaging changes required for new containerd binaries
These are the changes required due to the new binaries that containerd introduced.
The rpm, and deb packages now include 5 binaries.

docker, containerd, containerd-shim, ctr, and runc

The tar files also include all 5 binaries.

Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
(cherry picked from commit bb66d7144f)
2016-03-25 13:43:07 -04:00
Paul Liljenberg
f10c8e786b Fix debian policy rule
Fix issue in debian policy by removeing double quotes.

Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>
2016-03-19 20:58:19 +01:00
Riyaz Faizullabhoy
f7fa83c910 Improve messaging and binary generation for pkcs11
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 09:43:06 -07:00
Riyaz Faizullabhoy
2c3e9e5794 Update packaging for yubico
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-07 17:17:15 -08:00
Stefan Weil
2eee613326 Fix some typos in comments and strings
Most of them were found and fixed by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-02-22 20:27:15 +01:00
Aleksa Sarai
4357ed4a73 *: purge dockerinit from source code
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-26 23:47:02 +11:00
Jessica Frazelle
cf4c3da725
update debs/rpms for pkcs11 yubikey things
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-13 13:20:53 -08:00
Jessica Frazelle
8369f00d30
add generate aa profile to deb install
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-19 16:15:25 -07:00
Jessica Frazelle
ed248207d7 revert apparmor changes back to how it was in 1.7.1, but keep tests
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-08-06 12:49:25 -07:00
Eric Windisch
0f4e5f7149 Remove container AA profile from packaging
Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-29 17:47:38 -04:00
Jessica Frazelle
a2ea8f2ad8 fix deb packaging systemd files
Signed-off-by: Jessica Frazelle <princess@docker.com>
2015-07-25 14:04:39 -07:00
Eric Windisch
39dae54a3f Add AppArmor policy for the engine
Wraps the engine itself with an AppArmor policy.

This restricts what may be done by applications
we call out to, such as 'xz'.

Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.

Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-22 14:20:50 -04:00
Eric Windisch
80d99236c1 Move AppArmor policy to contrib & deb packaging
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.

- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.

Signed-off-by: Eric Windisch <eric@windisch.us>
2015-07-21 11:05:53 -04:00
Mary Anthony
eacae64bd8 Moving man pages out of docs
Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.

Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-10 13:43:35 -07:00
Tianon Gravi
98180b8954 Finally add precise/12.04 as a build-deb target
Ubuntu Precise has a number of warts that made it non-trivial to add initially, but I've managed to work through some of them and come up with a working build.  Two important parts to note are that it has neither the `btrfs` nor the `devicemapper` graphdriver backends since `btrfs-tools` and `libdevmapper-dev` in the precise repositories are too ancient for them to even compile.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-29 12:55:58 -07:00
Tianon Gravi
867eed8f35 Fix build-deb
This fixes the part of #12996 that I forgot. 👼

This also fixes a minor path issue (there's no `libexec` in Debian), and fixes a minor bug with the `debVersion` parsing.

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-06 18:10:15 -06:00
Tianon Gravi
5e563d1708 Replace "docker-core" with "docker-engine" in "build-deb"
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-05-05 10:11:59 -06:00
Tianon Gravi
eee1efcfd6 Add "builder-deb" base images for building ".deb" packages properly
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-04-06 10:43:36 -06:00