podman

mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00

Author	SHA1	Message	Date
Daniel J Walsh	195d48d86d	Copy some verification code out of Docker to verify user input Added lots of verification code to make sure resourses asociated with containers is correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #60 Approved by: umohnani8	2017-11-22 20:53:15 +00:00
Daniel J Walsh	bd4e106de3	Add support for pid ns Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #54 Approved by: umohnani8	2017-11-22 16:46:53 +00:00
Daniel J Walsh	91b406ea4a	Need to block access to kernel file systems in /proc and /sys Users of kpod run could use these file systems to perform a breakout or to learn valuable system information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #61 Approved by: mheon	2017-11-22 15:49:56 +00:00
Daniel J Walsh	c75c319ea2	Add support for oom functions Add tests for oom-kill-disable and oom-kill-adj Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #52 Approved by: TomSweeneyRedHat	2017-11-21 15:33:16 +00:00
Daniel J Walsh	b4bc7b8828	Add cgroup fs by default Docker defaults to mounting the cgroup file system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #53 Approved by: mheon	2017-11-20 22:47:58 +00:00
Daniel J Walsh	5d52f74d21	Add support for Ulimits/Rlimits to kpod create/run Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #24 Approved by: mheon	2017-11-20 20:12:43 +00:00
Daniel J Walsh	57599f0075	Fix up handling of environment variables The way docker works is if a user specifies a non `-e Name=Value`, IE just a `-e Name`, then the environment variable Name from the clients OS.ENV is used. Also by default Docker containers run with the HOSTNAME environment set to the HOSTNAME specified for the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #21 Approved by: baude	2017-11-20 16:25:31 +00:00
Daniel J Walsh	006a8bd6f3	Convert tmpfs mounts to use generate Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude	2017-11-06 14:43:06 +00:00
Daniel J Walsh	402c30333f	Remove defaults and use runtime-tools/generate for spec Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude	2017-11-06 14:43:06 +00:00
Daniel J Walsh	dbd524e3d1	Merge pull request #17 from rhatdan/caps Add support for Caps Options.	2017-11-05 17:06:25 -05:00
Daniel J Walsh	619637a919	Handle Linux Capabilities from command line Had to revendor in docker/docker again, which dropped a bunch of packages Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>	2017-11-04 09:07:47 +00:00
baude	aa19565d8d	spec.go: Remove cli context as func arg Remove cli context as a func arg to make unit tests easier. Signed-off-by: baude <bbaude@redhat.com>	2017-11-03 20:37:33 -05:00
Daniel J Walsh	098389dc3e	Parse SecurityOpts This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #15 Approved by: rhatdan	2017-11-03 20:55:10 +00:00
Daniel J Walsh	0847e770bb	Fix lint error on spec being shadowed Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>	2017-11-02 16:29:34 -04:00
Daniel J Walsh	92818fdfb7	Fix gofmt errors Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>	2017-11-02 15:30:39 -04:00
baude	8cf07b2ad1	libpod create and run patched version of the same code that went into crio Signed-off-by: baude <bbaude@redhat.com>	2017-11-01 14:19:19 -05:00

16 Commits