@@ -16,54 +16,77 @@ process are specified in this file. The configuration is used for each process |
| 16 | 16 |
Sample `container.json` file: |
| 17 | 17 |
```json |
| 18 | 18 |
{
|
| 19 |
- "hostname": "koye", |
|
| 20 |
- "tty": true, |
|
| 21 |
- "environment": [ |
|
| 22 |
- "HOME=/", |
|
| 23 |
- "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin", |
|
| 24 |
- "container=docker", |
|
| 25 |
- "TERM=xterm-256color" |
|
| 26 |
- ], |
|
| 27 |
- "namespaces": [ |
|
| 28 |
- "NEWIPC", |
|
| 29 |
- "NEWNS", |
|
| 30 |
- "NEWPID", |
|
| 31 |
- "NEWUTS", |
|
| 32 |
- "NEWNET" |
|
| 33 |
- ], |
|
| 34 |
- "capabilities": [ |
|
| 35 |
- "SETPCAP", |
|
| 36 |
- "SYS_MODULE", |
|
| 37 |
- "SYS_RAWIO", |
|
| 38 |
- "SYS_PACCT", |
|
| 39 |
- "SYS_ADMIN", |
|
| 40 |
- "SYS_NICE", |
|
| 41 |
- "SYS_RESOURCE", |
|
| 42 |
- "SYS_TIME", |
|
| 43 |
- "SYS_TTY_CONFIG", |
|
| 44 |
- "MKNOD", |
|
| 45 |
- "AUDIT_WRITE", |
|
| 46 |
- "AUDIT_CONTROL", |
|
| 47 |
- "MAC_OVERRIDE", |
|
| 48 |
- "MAC_ADMIN", |
|
| 49 |
- "NET_ADMIN" |
|
| 50 |
- ], |
|
| 51 |
- "networks": [{
|
|
| 52 |
- "type": "veth", |
|
| 53 |
- "context": {
|
|
| 54 |
- "bridge": "docker0", |
|
| 55 |
- "prefix": "dock" |
|
| 56 |
- }, |
|
| 57 |
- "address": "172.17.0.100/16", |
|
| 58 |
- "gateway": "172.17.42.1", |
|
| 59 |
- "mtu": 1500 |
|
| 60 |
- } |
|
| 61 |
- ], |
|
| 62 |
- "cgroups": {
|
|
| 63 |
- "name": "docker-koye", |
|
| 64 |
- "parent": "docker", |
|
| 65 |
- "memory": 5248000 |
|
| 66 |
- } |
|
| 19 |
+ "hostname" : "koye", |
|
| 20 |
+ "networks" : [ |
|
| 21 |
+ {
|
|
| 22 |
+ "gateway" : "172.17.42.1", |
|
| 23 |
+ "context" : {
|
|
| 24 |
+ "bridge" : "docker0", |
|
| 25 |
+ "prefix" : "veth" |
|
| 26 |
+ }, |
|
| 27 |
+ "address" : "172.17.0.2/16", |
|
| 28 |
+ "type" : "veth", |
|
| 29 |
+ "mtu" : 1500 |
|
| 30 |
+ } |
|
| 31 |
+ ], |
|
| 32 |
+ "cgroups" : {
|
|
| 33 |
+ "parent" : "docker", |
|
| 34 |
+ "name" : "11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620" |
|
| 35 |
+ }, |
|
| 36 |
+ "tty" : true, |
|
| 37 |
+ "environment" : [ |
|
| 38 |
+ "HOME=/", |
|
| 39 |
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", |
|
| 40 |
+ "HOSTNAME=11bb30683fb0", |
|
| 41 |
+ "TERM=xterm" |
|
| 42 |
+ ], |
|
| 43 |
+ "capabilities" : [ |
|
| 44 |
+ "SETPCAP", |
|
| 45 |
+ "SYS_MODULE", |
|
| 46 |
+ "SYS_RAWIO", |
|
| 47 |
+ "SYS_PACCT", |
|
| 48 |
+ "SYS_ADMIN", |
|
| 49 |
+ "SYS_NICE", |
|
| 50 |
+ "SYS_RESOURCE", |
|
| 51 |
+ "SYS_TIME", |
|
| 52 |
+ "SYS_TTY_CONFIG", |
|
| 53 |
+ "MKNOD", |
|
| 54 |
+ "AUDIT_WRITE", |
|
| 55 |
+ "AUDIT_CONTROL", |
|
| 56 |
+ "MAC_OVERRIDE", |
|
| 57 |
+ "MAC_ADMIN", |
|
| 58 |
+ "NET_ADMIN" |
|
| 59 |
+ ], |
|
| 60 |
+ "context" : {
|
|
| 61 |
+ "apparmor_profile" : "docker-default" |
|
| 62 |
+ }, |
|
| 63 |
+ "mounts" : [ |
|
| 64 |
+ {
|
|
| 65 |
+ "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/resolv.conf", |
|
| 66 |
+ "writable" : false, |
|
| 67 |
+ "destination" : "/etc/resolv.conf", |
|
| 68 |
+ "private" : true |
|
| 69 |
+ }, |
|
| 70 |
+ {
|
|
| 71 |
+ "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hostname", |
|
| 72 |
+ "writable" : false, |
|
| 73 |
+ "destination" : "/etc/hostname", |
|
| 74 |
+ "private" : true |
|
| 75 |
+ }, |
|
| 76 |
+ {
|
|
| 77 |
+ "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hosts", |
|
| 78 |
+ "writable" : false, |
|
| 79 |
+ "destination" : "/etc/hosts", |
|
| 80 |
+ "private" : true |
|
| 81 |
+ } |
|
| 82 |
+ ], |
|
| 83 |
+ "namespaces" : [ |
|
| 84 |
+ "NEWNS", |
|
| 85 |
+ "NEWUTS", |
|
| 86 |
+ "NEWIPC", |
|
| 87 |
+ "NEWPID", |
|
| 88 |
+ "NEWNET" |
|
| 89 |
+ ] |
|
| 67 | 90 |
} |
| 68 | 91 |
``` |
| 69 | 92 |
|
@@ -1,17 +1,11 @@ |
| 1 | 1 |
#### goals |
| 2 | 2 |
* small and simple - line count is not everything but less code is better |
| 3 |
-* clean lines between what we do in the pkg |
|
| 4 | 3 |
* provide primitives for working with namespaces not cater to every option |
| 5 | 4 |
* extend via configuration not by features - host networking, no networking, veth network can be accomplished via adjusting the container.json, nothing to do with code |
| 6 | 5 |
|
| 7 | 6 |
#### tasks |
| 8 |
-* proper tty for a new process in an existing container |
|
| 9 |
-* use exec or raw syscalls for new process in existing container |
|
| 10 |
-* setup proper user in namespace if specified |
|
| 11 |
-* implement hook or clean interface for cgroups |
|
| 7 |
+* reexec or raw syscalls for new process in existing container |
|
| 12 | 8 |
* example configs for different setups (host networking, boot init) |
| 13 | 9 |
* improve pkg documentation with comments |
| 14 | 10 |
* testing - this is hard in a low level pkg but we could do some, maybe |
| 15 |
-* pivot root |
|
| 16 | 11 |
* selinux |
| 17 |
-* apparmor |