Commit Graph

69 Commits

Author SHA1 Message Date
Erik St. Martin 42ef78911e Implementing support for --cpu-rt-period and --cpu-rt-runtime so that
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.

Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.

Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.

There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.

Signed-off-by: Erik St. Martin <alakriti@gmail.com>
2017-06-02 00:10:28 +00:00
sandyskies b4f6b6d970 add --network option for docker build
Signed-off-by: sandyskies <chenmingjie0828@163.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-02 00:10:28 +00:00
Yong Tang 4ff84a13da Add config parameter to change per-container stop timeout during daemon shutdown
This fix tries to add a flag `--stop-timeout` to specify the timeout value
(in seconds) for the container to stop before SIGKILL is issued. If stop timeout
is not specified then the default timeout (10s) is used.

Additional test cases have been added to cover the change.

This fix is related to #22471. Another pull request will add `--shutdown-timeout`
to daemon for #22471.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-06-02 00:10:24 +00:00
Amir Goldstein 6190d02e62 overlay2: add support for --storage-opt size
Allow passing --storage-opt size=X to docker create/run commands
for the `overlay2` graphriver.

The size option is only available if the backing fs is xfs that is
mounted with the `pquota` mount option.
The user can pass any size less then the backing fs size.

Signed-off-by: Amir Goldstein <amir73il@aquasec.com>
2017-06-02 00:10:24 +00:00
Sebastiaan van Stijn 4d268629e2 Fix capitalization
Signed-off-by: YuPengZTE <yu.peng36@zte.com.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:10:05 +00:00
Zhang Wei 0f6a96d2a4 Wait container's removal via Events API
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:10:04 +00:00
Sebastiaan van Stijn 77e4100d00 Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:51 +00:00
Arnaud Porterie (icecrime) 253a5f4ea2 Rename `--net` to `--network`
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.

Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.

Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
2017-06-02 00:07:50 +00:00
Shishir Mahajan 43e6c9864b Man page fix: Mention supported drivers for --storage-opt size option in docker create/run
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:46 +00:00
Alessandro Boch 987e5e6d8a Allow user to specify container's link-local addresses
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:44 +00:00
allencloud 54df0949b0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-06-02 00:07:41 +00:00
John Howard 6d54461bd8 Windows: Default to Hyper-V Containers on client
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-02 00:07:39 +00:00
Christian Persson 5367c2a4aa Replace U+2018 and U+2019 with U+0027 in manpages
Signed-off-by: Christian Persson <saser@live.se>
2017-06-02 00:07:39 +00:00
Mrunal Patel 637048e176 Add support for --pid=container:<id>
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:39 +00:00
Sean Christopherson ab42b091ee Add the swapMemorySupport requirement to OOM tests
Add the swapMemorySupport requirement to all tests related to the OOM killer.  The --memory option has the subtle side effect of defaulting --memory-swap to double the value of --memory.  The OOM killer doesn't kick in until the container exhausts memory+swap, and so without the memory swap cgroup the tests will timeout due to swap being effectively unlimited.

Document the default behavior of --memory-swap in the docker run man page.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
2017-06-02 00:07:38 +00:00
Zhu Guihua f440f14613 Add disk quota support for btrfs
Signed-off-by: Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
2017-06-02 00:07:37 +00:00
Dan Walsh a60c612a04 Add support for setting sysctls
This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:36 +00:00
Shishir Mahajan 791a5fc5c1 CLI flag for docker create(run) to change block device size.
Signed-off-by: Shishir Mahajan <shishir.mahajan@redhat.com>
2017-06-02 00:07:34 +00:00
Brian Goff eba678647b Add explicit flags for volume cp/no-cp
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:32 +00:00
David Calavera a7364b3743 Consolidate security options to use `=` as separator.
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:32 +00:00
Dan Walsh 2d0316cb43 Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:32 +00:00
Liron Levin ce28fa45b0 Run privileged containers when userns are specified
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.

The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.

Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:32 +00:00
Jessica Frazelle fd1c2150ad pids limit support
update bash commpletion for pids limit

update check config for kernel

add docs for pids limit

add pids stats

add stats to docker client

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2017-06-02 00:07:31 +00:00
Mrunal Patel d3f632156e Add support for NoNewPrivileges in docker
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Add tests for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Update documentation for no-new-privileges

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-02 00:07:31 +00:00
Mike Danese f18d114874 daemon/logger: Add logging driver for Google Cloud Logging
Signed-off-by: Mike Danese <mikedanese@google.com>
2017-06-02 00:07:30 +00:00
Cedric Davies 56965a4d1d Windows: Add ETW logging driver plug-in
Signed-off-by: Cedric Davies <cedricda@microsoft.com>
2017-06-02 00:07:29 +00:00
Sebastiaan van Stijn f367aeadf3 Add note about legacy links
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:28 +00:00
Michael Crosby 9796beeedb Move tar copy-up for tmpfs mounts
We cannot rely on the tar command for this type of operation because tar
versions, flags, and functionality can very from distro to distro.
Since this is in the container execution path it is not safe to have
this as a dependency from dockers POV where the user cannot change the
fact that docker is adding these pre and post mount commands.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-06-02 00:07:26 +00:00
Brian Goff 88fa05ccb4 Add note about mount propagation on systemd
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2017-06-02 00:07:26 +00:00
Madhu Venugopal 46db31de0a Network scoped alias support
Signed-off-by: Madhu Venugopal <madhu@docker.com>
2017-06-02 00:07:24 +00:00
Alessandro Boch d3aa590eec Add missing documentation for static IP options
Signed-off-by: Alessandro Boch <aboch@docker.com>
2017-06-02 00:07:23 +00:00
Vincent Demeester 18eb9f2e64 Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-02 00:07:22 +00:00
Qiang Huang b87dd1342f Fix docs for memory-swap
Fixes: #18894

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-06-02 00:07:21 +00:00
Doug Davis 421578fbd4 remove =false from options that default to false in the docs
This re-aligns the docs with what the cmd line now does.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2017-06-02 00:07:21 +00:00
Ma Shimiao 499d634f32 Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:21 +00:00
Vivek Goyal b2cbaa03af Add capability to specify mount propagation per volume
Allow passing mount propagation option shared, slave, or private as volume
property.

For example.
docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2017-06-02 00:07:20 +00:00
Ma Shimiao 9480c4763d Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:19 +00:00
Sebastiaan van Stijn c5f725e1c7 Address review comments.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-06-02 00:07:19 +00:00
Ben Firshman 22ce4b4448 Add docs and man page entry for --volume-driver
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2017-06-02 00:07:19 +00:00
Wen Cheng Ma deae0706ea Add NETWORK_NAME_or_ID value for --net= option
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2017-06-02 00:07:19 +00:00
Antonio Murdaca e9287cd43a Add OomScoreAdj to configure container oom killer preferences
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:19 +00:00
Dan Walsh 65120e8851 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-06-02 00:07:18 +00:00
Zhang Wei 67eea4d814 Add docs for option `--isolation`
Add docs for `run`/`create`/`build` command option `isolation`

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:18 +00:00
NIWA Hideyuki fa2f024bc6 Addition of "--shm-size" to which size of /dev/shm is changed.
- Optional "--shm-size=" was added to the sub-command(run, create,and build).
- The size of /dev/shm in the container can be changed
  when container is made.
- Being able to specify is a numerical value that applies number,
  b, k, m, and g.
- The default value is 64MB, when this option is not set.
- It deals with both native and lxc drivers.

Signed-off-by: NIWA Hideyuki <niwa.hiedyuki@jp.fujitsu.com>
2017-06-02 00:07:18 +00:00
Ma Shimiao e303d6cc9f Add support for blkio.weight_device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-06-02 00:07:17 +00:00
Zhang Wei 1a495e2d47 Fix man pages
Add contents and fix format problem for man pages.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2017-06-02 00:07:16 +00:00
David Calavera c5ed875bd9 Remove LXC support.
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2017-06-02 00:07:15 +00:00
Sally O'Malley c48ec056d5 Change 'docker run' exit codes to distinguish docker/contained errors
The purpose of this PR is for users to distinguish Docker errors from
contained command errors.
This PR modifies 'docker run' exit codes to follow the chroot standard
for exit codes.
Exit status:
125 if 'docker run' itself fails
126 if contained command cannot be invoked
127 if contained command cannot be found
the exit status otherwise

Signed-off-by: Sally O'Malley <somalley@redhat.com>
2017-06-02 00:07:15 +00:00
Madhu Venugopal 2d486b08c8 Updating networking docs with technical information
- the /etc/hosts read caveat due to dynamic update
- information about docker_gwbridge
- Carries and closes #17654
- Updating with last change by Madhu
- Updating with the IPAM api 1.22

Signed-off-by: Mary Anthony <mary@docker.com>
2017-06-02 00:07:15 +00:00
Denis Gladkikh 1e2a27568b Add Splunk logging driver #16207
Allow to send Splunk logs using Http Event Collector

Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
2017-06-02 00:07:14 +00:00