moby--moby/daemon
Aleksa Sarai c0f883fdee
daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon
When runc is bind-mounting a particular path "with options", it has to
do so by first creating a bind-mount and then modifying the options of
said bind-mount via remount. However, in a user namespace, there are
restrictions on which flags you can change with a remount (due to
CL_UNPRIVILEGED being set in this instance). Docker historically has
ignored this, and as a result, internal Docker mounts (such as secrets)
haven't worked with --userns-remap. Fix this by preserving
CL_UNPRIVILEGED mount flags when Docker is spawning containers with user
namespaces enabled.

Ref: https://github.com/opencontainers/runc/pull/1603
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2017-10-16 02:52:56 +11:00
caps
cluster LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
config Merge pull request #34821 from thaJeztah/remove-enable-api-cors 2017-09-13 20:10:27 -07:00
discovery Add ineffassign linter 2017-09-08 18:23:21 -04:00
events Merge pull request #34985 from thaJeztah/remove-use-of-deprecated-filter-functions 2017-09-27 17:34:07 +02:00
exec Add gosimple linter 2017-09-12 12:09:59 -04:00
graphdriver LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
initlayer LCOW: Implemented support for docker cp + build 2017-09-14 12:07:52 -07:00
links
listeners Add unconvert linter 2017-08-24 15:08:31 -04:00
logger Merge pull request #34758 from ghislainbourgeois/33495-add-tcp-to-gelf-log-driver 2017-10-10 10:26:01 -04:00
names Move names to a more appropriate package. 2017-09-06 12:05:16 -04:00
network Updating moby to correspond to naming convention used in https://github.com/docker/swarmkit/pull/2385 2017-09-26 22:08:10 +00:00
stats Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
testdata Remove libtrust dep from api 2017-09-06 12:05:19 -04:00
apparmor_default.go apparmor: make pkg/aaparser work on read-only root 2017-05-18 00:05:13 +10:00
apparmor_default_unsupported.go
archive.go LCOW: Implemented support for docker cp + build 2017-09-14 12:07:52 -07:00
archive_tarcopyoptions.go Partial refactor of UID/GID usage to use a unified struct. 2017-06-07 11:44:33 -04:00
archive_tarcopyoptions_unix.go Fix vfs unit test and port VFS to the new IDMappings 2017-06-07 11:44:34 -04:00
archive_tarcopyoptions_windows.go daemon/archive.go: Fix copy routines to preserve UID. 2017-04-12 10:33:19 +00:00
archive_unix.go LCOW: API change JSON header to string POST parameter 2017-10-06 15:26:48 -07:00
archive_windows.go Remove CopyOnBuild from the daemon. 2017-06-08 15:06:54 -04:00
attach.go Optimize some wrong usage and spelling 2017-09-07 09:44:08 +08:00
auth.go
bindmount_solaris.go
bindmount_unix.go
build.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
cache.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
changes.go
checkpoint.go Move names to a more appropriate package. 2017-09-06 12:05:16 -04:00
cluster.go Fix race condition between swarm and libnetwork 2017-05-10 21:16:52 -07:00
commit.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
configs.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
configs_linux.go Add config support to executor backend 2017-05-11 10:08:21 -07:00
configs_unsupported.go Add Windows configs support 2017-05-16 14:25:32 -07:00
configs_windows.go Add Windows configs support 2017-05-16 14:25:32 -07:00
container.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
container_linux.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
container_operations.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
container_operations_solaris.go Include Endpoint List for Shared Endpoints 2017-07-06 12:19:17 -07:00
container_operations_unix.go Relabel config files. 2017-09-05 18:39:48 -03:00
container_operations_windows.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
container_windows.go
create.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
create_unix.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
create_windows.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
daemon.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
daemon_experimental.go
daemon_linux.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
daemon_linux_test.go
daemon_solaris.go LCOW: Implemented support for docker cp + build 2017-09-14 12:07:52 -07:00
daemon_test.go Store container names in memdb 2017-07-13 12:35:00 -07:00
daemon_unix.go Don't abort when setting may_detach_mounts 2017-10-11 14:54:24 -04:00
daemon_unix_test.go Add ineffassign linter 2017-09-08 18:23:21 -04:00
daemon_unsupported.go
daemon_windows.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
daemon_windows_test.go Ensure Host Network Service exists 2017-09-25 11:07:44 -07:00
debugtrap_unix.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
debugtrap_unsupported.go
debugtrap_windows.go Use event functions from golang.org/x/sys/windows 2017-08-21 12:58:09 +02:00
delete.go Merge pull request #34960 from sterchelen/34953-Prune-Volume-lack-event-entry 2017-10-12 09:24:26 -07:00
delete_test.go Move ErrorContains to an internal package. 2017-08-25 12:04:58 -04:00
dependency.go Add config support to executor backend 2017-05-11 10:08:21 -07:00
disk_usage.go Fix variable shadowing causing LayersSize to be reported as 0 2017-09-12 14:11:11 -03:00
errors.go Fix conflicting container name producing 400 error instead of 409 2017-10-04 20:39:45 +02:00
events.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
events_test.go LCOW: Remove CommonContainer - just Container 2017-06-20 08:55:46 -07:00
exec.go Add interfacer linter 2017-08-24 15:08:26 -04:00
exec_linux.go daemon: also ensureDefaultApparmorProfile in exec path 2017-03-13 15:20:05 +11:00
exec_solaris.go
exec_windows.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
export.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
getsize_unix.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
health.go Add deadcode linter 2017-08-21 18:18:50 -04:00
health_test.go Move checkpointing to the Container object 2017-06-23 07:52:32 -07:00
image.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
image_delete.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
image_exporter.go Move to a single tag-store 2017-08-18 17:09:27 -07:00
image_history.go Move to a single tag-store 2017-08-18 17:09:27 -07:00
image_inspect.go Move to a single tag-store 2017-08-18 17:09:27 -07:00
image_pull.go Move to a single tag-store 2017-08-18 17:09:27 -07:00
image_push.go Move to a single tag-store 2017-08-18 17:09:27 -07:00
image_tag.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
images.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
import.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
info.go Add unconvert linter 2017-08-24 15:08:31 -04:00
info_unix.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
info_unix_test.go Refactor "init" version parsing, and add unit-test 2017-04-08 11:28:37 +02:00
info_windows.go
inspect.go Fix downlevel regression 2017-10-09 13:47:28 -07:00
inspect_solaris.go Move platform specific mount data to Container 2017-06-23 07:22:47 -07:00
inspect_unix.go Move platform specific mount data to Container 2017-06-23 07:22:47 -07:00
inspect_windows.go Move platform specific mount data to Container 2017-06-23 07:22:47 -07:00
keys.go
keys_unsupported.go
kill.go Optimize some wrong usage and spelling 2017-09-07 09:44:08 +08:00
links.go Remove links when remove container 2017-07-18 12:09:26 +08:00
list.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
list_unix.go stop grabbing container locks during ps 2017-06-23 07:52:31 -07:00
list_windows.go stop grabbing container locks during ps 2017-06-23 07:52:31 -07:00
logdrivers_linux.go
logdrivers_windows.go
logs.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
logs_test.go
metrics.go Add gosimple linter 2017-09-12 12:09:59 -04:00
metrics_unix.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
metrics_unsupported.go Add support for metrics plugins 2017-05-12 00:30:09 -04:00
monitor.go Fix golint errors. 2017-08-18 14:23:44 -04:00
monitor_linux.go
monitor_solaris.go
monitor_windows.go Update Windows and LCOW to use v1.0.0 runtime-spec 2017-08-21 15:19:31 -07:00
mounts.go Fix issue backporting mount spec to pre-1.13 obj 2017-05-11 12:31:53 -04:00
names.go Fix conflicting container name producing 400 error instead of 409 2017-10-04 20:39:45 +02:00
network.go Fix network name masking network ID on delete 2017-10-11 21:57:05 +02:00
oci_linux.go daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon 2017-10-16 02:52:56 +11:00
oci_solaris.go LCOW: Implemented support for docker cp + build 2017-09-14 12:07:52 -07:00
oci_windows.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
pause.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
prune.go Merge pull request #34960 from sterchelen/34953-Prune-Volume-lack-event-entry 2017-10-12 09:24:26 -07:00
reload.go Implement none, private, and shareable ipc modes 2017-08-14 10:50:39 +03:00
reload_test.go Merge pull request #34495 from ripcurld0/registry_mirror_json 2017-09-18 21:59:14 -07:00
rename.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
resize.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
restart.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
search.go Replace uses of filters.ToParam(), FromParam() with filters.ToJSON(), FromJSON() 2017-09-26 13:59:45 +02:00
search_test.go
seccomp_disabled.go
seccomp_linux.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
seccomp_unsupported.go
secrets.go Update logrus to v1.0.1 2017-07-31 13:16:46 -07:00
secrets_linux.go
secrets_unsupported.go Add Windows secrets support 2017-05-16 11:30:06 -07:00
secrets_windows.go Add Windows secrets support 2017-05-16 11:30:06 -07:00
selinux_linux.go Switch to using opencontainers/selinux for selinux bindings 2017-04-24 21:29:47 +02:00
selinux_unsupported.go
start.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
start_unix.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
start_windows.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
stats.go
stats_collector.go
stats_unix.go Remove string checking in API error handling 2017-08-15 16:01:11 -04:00
stats_windows.go
stop.go Optimize some wrong usage and spelling 2017-09-07 09:44:08 +08:00
top_unix.go Add gosimple linter 2017-09-12 12:09:59 -04:00
top_unix_test.go
top_windows.go
trustkey.go Remove libtrust dep from api 2017-09-06 12:05:19 -04:00
trustkey_test.go Remove libtrust dep from api 2017-09-06 12:05:19 -04:00
unpause.go
update.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
update_linux.go Add `--cpus` support for `docker update` 2017-04-06 15:40:12 -07:00
update_solaris.go
update_windows.go
volumes.go LCOW: API: Add platform to /images/create and /build 2017-10-06 11:44:18 -07:00
volumes_unit_test.go Volume refactoring for LCOW 2017-09-14 12:33:31 -07:00
volumes_unix.go avoid saving container state to disk before daemon.Register 2017-06-23 07:52:34 -07:00
volumes_unix_test.go Spelling fixes 2017-07-03 13:13:09 -07:00
volumes_windows.go Partial refactor of UID/GID usage to use a unified struct. 2017-06-07 11:44:33 -04:00
wait.go Update ContainerWait API 2017-05-16 15:11:39 -07:00
workdir.go Remove error return from RootPair 2017-06-07 11:45:33 -04:00