In that case /etc/resolv.conf will be generated with no search
option. Usage: --dns-search=.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
The Docker btrfs graph driver does not interact well with SELinux at present.
If btrfs mounts the same file in several locations, the same SELinux label will
be applied to all mountpoints. In the context of the graph driver, things such
as shared libraries become inaccessible to containers due to SELInux, causing
all dynamically linked applications to fail when run in a container.
Consequently, error when we detect the daemon is being run with SELinux enabled
and the btrfs driver. Documentation has been added for this behavior.
Docker-DCO-1.1-Signed-off-by: Matthew Heon <mheon@redhat.com> (github: mheon)
It avoids hidden error when ports are redirected from
container to host using -p host_port:guest_port.
Docker-DCO-1.1-Signed-off-by: Jiří Župka <jzupka@redhat.com> (github: jzupka)
This will allow us to _know_ what the user's -H settings are, which may
be useful for debugging later.
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
This commit makes Docker throw an error if the daemon isn't started as
root.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Added --selinux-enable switch to daemon to enable SELinux labeling.
The daemon will now generate a new unique random SELinux label when a
container starts, and remove it when the container is removed. The MCS
labels will be stored in the daemon memory. The labels of containers will
be stored in the container.json file.
When the daemon restarts on boot or if done by an admin, it will read all containers json files and reserve the MCS labels.
A potential problem would be conflicts if you setup thousands of containers,
current scheme would handle ~500,000 containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: crosbymichael)
This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
- Mention that [] options may be specified multiple times on the Usage page
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: mikemaccana)
Docker-DCO-1.1-Signed-off-by: Mike MacCana <mike.maccana@gmail.com> (github: SvenDowideit)
Without creating a root there is no way for the engine to return an
error from the new function.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This makes the engine more general purpose so that we can
use it and the job routing functionality for reexec'ing our binary
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Conflicts:
integration/runtime_test.go
For combing through logs, have an intro line with information about the
running instance of the docker daemon.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Add a --dns-search parameter and a DnsSearch
configuration field for specifying dns search
domains.
Docker-DCO-1.1-Signed-off-by: Daniel Norberg <daniel.norberg@gmail.com> (github: danielnorberg)
Fix docs and help messages of --iptables and --ip-forward to describe the true case behaviour
Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
This removes the incomplete symlink handling from engine.go and it adds
it one place in docker.go.
It also enables handling symlinks for TMPDIR.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This allows selective loading of commands, and paves the way to dynamic
plugins.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
like the storage-driver flag, this implements a flag for choosing the
execdriver to be used, defaulting to lxc.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This breaks the dependency from the remote API implementation to the
internal representation of a container. Instead it uses its own partial
representation of a container, with only required fields.
* This preserves reverse-compatibility with all past implementations of the remote API.
* This clarifies which fields are guaranteed to be present in a response
A docker remote api server *may* return more fields in a Container
object, but their presence and semantics are not guaranteed and should
not be relied upon by client implementations.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
