Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Mar 20, 2015
  1. @jfmyers9

    Add debugging statements aroung quotacheck

    jfmyers9 authored
    [#89756902]
Commits on Feb 27, 2015
  1. @jfmyers9 @DanLavine

    Upgrade warden to use ruby 2.1.4

    jfmyers9 authored DanLavine committed
    [#89148118]
Commits on Jan 15, 2015
  1. @luan

    Re-enabled SIGCHLD on children of wshd

    luan authored Dan Lavine and Luan Santos committed
    Before:
    
    wshd <- disabled | signalfd
      child <- disabled
        grandchildren... <- disabled
    
    After:
    
    wshd <- disabled | signalfd
      child <- enabled
        grandchildren... <- enabled
    
    This way children of wshd can receive signals for its children,
    propagating the signal up to wshd
    
    [#83352380]
Commits on Dec 24, 2014
  1. @vito
Commits on Dec 13, 2014
  1. Update default memory limit

    James Myers and Joseph Palermo authored
Commits on Nov 24, 2014
  1. @luan

    Stop container before destroying it

    luan authored
    [#82596896]
Commits on Oct 28, 2014
  1. @liuhewei
Commits on Oct 6, 2014
  1. @james-masson
  2. @james-masson
Commits on Sep 26, 2014
  1. @james-masson
Commits on Sep 21, 2014
  1. @fraenkel
Commits on Sep 2, 2014
  1. @sykesm @zrob

    Add test for fuse functionality added by PR #70

    sykesm authored zrob committed
    [#73847508]
    
    Signed-off-by: Zach Robinson <zrobinson@pivotal.io>
Commits on Aug 29, 2014
  1. @sykesm
Commits on Aug 22, 2014
  1. @sykesm @jfmyers9

    Propagate LANG to warden container

    sykesm authored jfmyers9 committed
    * Defaults to en_US.UTF-8
    
    [#77303528]
    
    Signed-off-by: James Myers <jmyers@pivotallabs.com>
Commits on Aug 13, 2014
  1. @fraenkel @luan

    Allow tcp rules to be logged

    fraenkel authored luan committed
    [#73905126]
    
    Signed-off-by: Luan Santos <lsantos@pivotal.io>
  2. @sykesm

    Remove limit when mounting /dev/shm

    sykesm authored
    - So we can run Docker under bosh-lite
    - Memory limits will be enforced by Warden via cgroups
    - [#76756280]
    
    Signed-off-by: Abhijit Hiremagalur <abhi@pivotallabs.com>
Commits on Jul 18, 2014
  1. @ematpl @sykesm

    Make host access configurable in warden server

    ematpl authored sykesm committed
    - set network.allow_host_access to enable or disable access
    - default value is false (disallows access to host vm)
    
    [#75162152]
    
    Signed-off-by: Matthew Sykes <matthew.sykes@gmail.com>
Commits on Jul 12, 2014
  1. Merge remote-tracking branch 'origin/pr/69'

    Joseph Palermo authored
    Conflicts:
    	warden/spec/container/linux_spec.rb
Commits on Jul 10, 2014
  1. Revert "Enable opt-in network access to inherited DNS servers"

    Eric Malm and Zach Robinson authored
    This reverts commit acb20cf.
Commits on Jul 9, 2014
  1. @sykesm @zrob

    Enable opt-in network access to inherited DNS servers

    sykesm authored zrob committed
    Warden containers inherit the DNS servers from the host DEA's
    /etc/resolv.conf.  With the addition of app security groups and a global deny
    policy, DNS is no longer accessible by default from containers; that made
    bosh-lite users very sad...
    
    When dea_next.allow_inherited_dns is true, rules are added to the default
    warden chain to allow access to the inherited DNS servers.
    
    [#71585346]
    
    Signed-off-by: Zach Robinson <zrobinson@pivotallabs.com>
Commits on Jul 7, 2014
  1. @sykesm

    Reject outbound connectivity from containers by default

    sykesm authored
    * Allow 'ESTABLISHED,RELATED' traffic on input chain to allow responses
      from containers to flow back to the host
    * Allow access DNS access and TCP access for net_in 'hairpin' test
    * Flesh out default networking configuration connectivity tests
    
    [#71585346]
    
    Signed-off-by: Michael Fraenkel <fraenkel@us.ibm.com>
Commits on Jun 27, 2014
  1. @jfmyers9

    Implement all protocols for net_out

    jfmyers9 authored
    [#74073900]
Commits on Jun 26, 2014
  1. @dliebreich
Commits on Jun 24, 2014
  1. Allow fuse device to be used inside containers

    Aristoteles Neto authored
Commits on Jun 20, 2014
  1. @ematpl @dliebreich

    Fix net-out snapshotting

    ematpl authored dliebreich committed
    * Add tests for writing, restoring from net-out snapshot data
    
    [#71585132]
    
    Signed-off-by: Dave Liebreich <dliebreich@pivotallabs.com>
Commits on Jun 19, 2014
  1. @dengwa

    Container net reachability check is made more robust to handle both t…

    dengwa authored
    …he public internet case and the private intranet case.
Commits on Jun 16, 2014
  1. @sykesm @zrob

    Bump warden-protocol version in Gemfile.lock

    sykesm authored zrob committed
    [#72801782]
    
    Signed-off-by: Zach Robinson <zrobinson@pivotallabs.com>
Commits on Jun 14, 2014
  1. @sykesm

    Support icmp rules with warden net_out

    sykesm authored Joseph Palermo committed
    [#72801782]
    
    Signed-off-by: Joseph Palermo <jpalermo@pivotallabs.com>
Commits on Jun 13, 2014
  1. @sykesm

    Add network range and protocol support to net_out

    sykesm authored
    Signed-off-by: James Myers <jmyers@pivotallabs.com>
    Signed-off-by: Joseph Palermo <jpalermo@pivotallabs.com>
    
    [#72801782]
Commits on Jun 9, 2014
  1. @ematpl @sykesm

    Lock rspec at ~> 2.11

    ematpl authored sykesm committed
    RSpec 3 is out and we're picking it up in our CI builds.  Locking an older
    version to avoid the deprecation warnings and other issues associated with
    using the new rspec.
    
    We've explicitly chosen 2.11 as 2.14 also issues deprecation warnings that we
    don't intend to address at this time.
    
    Signed-off-by: Matthew Sykes <matthew.sykes@gmail.com>
  2. @ematpl @sykesm

    Update yajl-ruby

    ematpl authored sykesm committed
    Signed-off-by: Matthew Sykes <matthew.sykes@gmail.com>
Commits on Jun 4, 2014
  1. @jfmyers9 @sykesm

    Merge remote-tracking branch 'origin/pr/56'

    jfmyers9 authored sykesm committed
    Signed-off-by: Matthew Sykes <matthew.sykes@gmail.com>
Commits on May 16, 2014
  1. @jfoley

    switch to using garden stop.sh to avoid using pkill

    jfoley authored dmitriy kalinin committed
    Signed-off-by: dmitriy kalinin <dmitriy@pivotallabs.com>
Commits on Apr 16, 2014
  1. @fraenkel
Commits on Apr 11, 2014
  1. @sykesm

    Sync fs and move image deletion after loop detach

    sykesm authored
    The warden tests frequently fail under VMware due to an error detatching
    a loop device that was associated with a mounted disk image:
    
      loop: can't delete device /dev/loop0: Device or resource busy
    
    In order to reduce the likelihood of the problem, a `sync` was added
    before the detach and the deletion of the image file was moved until
    after the detach.  After repeated runs with these modifications, I have
    not seen the failures occur.
Something went wrong with that request. Please try again.