kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
moby--moby/pkg
History
Dan Walsh 4c43566925 This patch adds SELinux labeling support. 
docker will run the process(es) within the container with an SELinux label and will label
all of  the content within the container with mount label.  Any temporary file systems
created within the container need to be mounted with the same mount label.

The user can override the process label by specifying

-Z With a string of space separated options.

-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"

Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"

By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.

The process mcs level is based of the PID of the docker process that is creating the container.

If you run the container in --priv mode, the labeling will be disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-03-26 15:30:40 -04:00
..
cgroups Fix cgroups swap issue when it is not supported 2014-02-25 19:45:57 -08:00
collections Remove std sort and use custom sort for performances 2014-01-26 14:01:38 -08:00
graphdb runtime: Fix unique constraint error checks 2014-03-03 15:10:52 +01:00
iptables iptables: use dest_addr and dest_port for public port FORWARD rule 2014-02-04 11:32:50 -06:00
label This patch adds SELinux labeling support. 2014-03-26 15:30:40 -04:00
libcontainer This patch adds SELinux labeling support. 2014-03-26 15:30:40 -04:00
listenbuffer adding configuration for timeout and disable it by default 2014-03-17 15:12:02 -07:00
mflag update godoc and add MAINTAINERS for mflags 2014-03-14 17:35:41 +00:00
mount Merge pull request #3841 from alexlarsson/separate-base-fs 2014-01-31 11:49:14 -08:00
namesgenerator Fix misspelled Hawkings -> Hawking, Archimede -> Archimedes, Euclide -> Euclid 2014-01-09 10:02:55 -05:00
netlink Update email + add self to pkg/signal 2014-03-10 20:26:45 -07:00
proxy Remove verbose logging for non errors 2014-02-17 13:31:13 -08:00
selinux This patch adds SELinux labeling support. 2014-03-26 15:30:40 -04:00
signal Like signal_linux.go, we don't have import os and os/signal 2014-03-11 23:14:58 +09:00
sysinfo remove ip_forward warning 2014-01-28 13:27:56 -06:00
system Send sigterm to child instead of sigkill 2014-03-14 15:42:05 -07:00
systemd pkg: systemd: add initial MAINTAINERS 2014-02-06 12:04:35 -08:00
term Use BSD raw mode on darwin. Fixes nano, tmux and others 2014-03-13 11:11:02 -07:00
user Use type switch instead of reflection 2014-01-31 20:15:24 -07:00
version add version pkg 2014-02-25 21:08:38 +00:00
README.md Add README to pkg 2013-12-23 23:12:19 +00:00

README.md

pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.

Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible. If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the Docker organization, to facilitate re-use by other projects. However that is not the priority.

The directory pkg is named after the same directory in the camlistore project. Since Brad is a core Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!

Because utility packages are small and neatly separated from the rest of the codebase, they are a good place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!