summaryrefslogtreecommitdiff
path: root/cmd/kpod/spec.go
Commit message (Collapse)AuthorAge
* Copy some verification code out of Docker to verify user inputDaniel J Walsh2017-11-22
| | | | | | | | | | Added lots of verification code to make sure resourses asociated with containers is correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #60 Approved by: umohnani8
* Add support for pid nsDaniel J Walsh2017-11-22
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #54 Approved by: umohnani8
* Need to block access to kernel file systems in /proc and /sysDaniel J Walsh2017-11-22
| | | | | | | | | | Users of kpod run could use these file systems to perform a breakout or to learn valuable system information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #61 Approved by: mheon
* Add support for oom functionsDaniel J Walsh2017-11-21
| | | | | | | | | Add tests for oom-kill-disable and oom-kill-adj Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #52 Approved by: TomSweeneyRedHat
* Add cgroup fs by defaultDaniel J Walsh2017-11-20
| | | | | | | | | Docker defaults to mounting the cgroup file system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #53 Approved by: mheon
* Add support for Ulimits/Rlimits to kpod create/runDaniel J Walsh2017-11-20
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #24 Approved by: mheon
* Fix up handling of environment variablesDaniel J Walsh2017-11-20
| | | | | | | | | | | | | | The way docker works is if a user specifies a non `-e Name=Value`, IE just a `-e Name`, then the environment variable Name from the clients OS.ENV is used. Also by default Docker containers run with the HOSTNAME environment set to the HOSTNAME specified for the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #21 Approved by: baude
* Convert tmpfs mounts to use generateDaniel J Walsh2017-11-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude
* Remove defaults and use runtime-tools/generate for specDaniel J Walsh2017-11-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude
* Merge pull request #17 from rhatdan/capsDaniel J Walsh2017-11-05
|\ | | | | Add support for Caps Options.
| * Handle Linux Capabilities from command lineDaniel J Walsh2017-11-04
| | | | | | | | | | | | Had to revendor in docker/docker again, which dropped a bunch of packages Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | spec.go: Remove cli context as func argbaude2017-11-03
|/ | | | | | | Remove cli context as a func arg to make unit tests easier. Signed-off-by: baude <bbaude@redhat.com>
* Parse SecurityOptsDaniel J Walsh2017-11-03
| | | | | | | | | This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #15 Approved by: rhatdan
* Fix lint error on spec being shadowedDaniel J Walsh2017-11-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix gofmt errorsDaniel J Walsh2017-11-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod create and runbaude2017-11-01
patched version of the same code that went into crio Signed-off-by: baude <bbaude@redhat.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-07 01:31:07 +0000