Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Mar 20, 2015
  1. @jfmyers9

    Add debugging statements aroung quotacheck

    jfmyers9 authored
Commits on Feb 27, 2015
  1. @jfmyers9 @DanLavine

    Upgrade warden to use ruby 2.1.4

    jfmyers9 authored DanLavine committed
Commits on Jan 15, 2015
  1. @luan

    Re-enabled SIGCHLD on children of wshd

    luan authored Dan Lavine and Luan Santos committed
    wshd <- disabled | signalfd
      child <- disabled
        grandchildren... <- disabled
    wshd <- disabled | signalfd
      child <- enabled
        grandchildren... <- enabled
    This way children of wshd can receive signals for its children,
    propagating the signal up to wshd
Commits on Dec 24, 2014
  1. @vito
Commits on Dec 13, 2014
  1. Update default memory limit

    James Myers and Joseph Palermo authored
Commits on Nov 24, 2014
  1. @luan

    Stop container before destroying it

    luan authored
Commits on Oct 28, 2014
  1. @liuhewei
Commits on Oct 6, 2014
  1. @james-masson
  2. @james-masson
Commits on Sep 26, 2014
  1. @james-masson
Commits on Sep 21, 2014
  1. @fraenkel
Commits on Sep 2, 2014
  1. @sykesm @zrob

    Add test for fuse functionality added by PR #70

    sykesm authored zrob committed
    Signed-off-by: Zach Robinson <>
Commits on Aug 29, 2014
  1. @sykesm
Commits on Aug 22, 2014
  1. @sykesm @jfmyers9

    Propagate LANG to warden container

    sykesm authored jfmyers9 committed
    * Defaults to en_US.UTF-8
    Signed-off-by: James Myers <>
Commits on Aug 13, 2014
  1. @fraenkel @luan

    Allow tcp rules to be logged

    fraenkel authored luan committed
    Signed-off-by: Luan Santos <>
  2. @sykesm

    Remove limit when mounting /dev/shm

    sykesm authored
    - So we can run Docker under bosh-lite
    - Memory limits will be enforced by Warden via cgroups
    - [#76756280]
    Signed-off-by: Abhijit Hiremagalur <>
Commits on Jul 18, 2014
  1. @ematpl @sykesm

    Make host access configurable in warden server

    ematpl authored sykesm committed
    - set network.allow_host_access to enable or disable access
    - default value is false (disallows access to host vm)
    Signed-off-by: Matthew Sykes <>
Commits on Jul 12, 2014
  1. Merge remote-tracking branch 'origin/pr/69'

    Joseph Palermo authored
Commits on Jul 10, 2014
  1. Revert "Enable opt-in network access to inherited DNS servers"

    Eric Malm and Zach Robinson authored
    This reverts commit acb20cf.
Commits on Jul 9, 2014
  1. @sykesm @zrob

    Enable opt-in network access to inherited DNS servers

    sykesm authored zrob committed
    Warden containers inherit the DNS servers from the host DEA's
    /etc/resolv.conf.  With the addition of app security groups and a global deny
    policy, DNS is no longer accessible by default from containers; that made
    bosh-lite users very sad...
    When dea_next.allow_inherited_dns is true, rules are added to the default
    warden chain to allow access to the inherited DNS servers.
    Signed-off-by: Zach Robinson <>
Commits on Jul 7, 2014
  1. @sykesm

    Reject outbound connectivity from containers by default

    sykesm authored
    * Allow 'ESTABLISHED,RELATED' traffic on input chain to allow responses
      from containers to flow back to the host
    * Allow access DNS access and TCP access for net_in 'hairpin' test
    * Flesh out default networking configuration connectivity tests
    Signed-off-by: Michael Fraenkel <>
Commits on Jun 27, 2014
  1. @jfmyers9

    Implement all protocols for net_out

    jfmyers9 authored
Commits on Jun 26, 2014
  1. @dliebreich
Commits on Jun 24, 2014
  1. Allow fuse device to be used inside containers

    Aristoteles Neto authored
Commits on Jun 20, 2014
  1. @ematpl @dliebreich

    Fix net-out snapshotting

    ematpl authored dliebreich committed
    * Add tests for writing, restoring from net-out snapshot data
    Signed-off-by: Dave Liebreich <>
Commits on Jun 19, 2014
  1. @dengwa

    Container net reachability check is made more robust to handle both t…

    dengwa authored
    …he public internet case and the private intranet case.
Commits on Jun 16, 2014
  1. @sykesm @zrob

    Bump warden-protocol version in Gemfile.lock

    sykesm authored zrob committed
    Signed-off-by: Zach Robinson <>
Commits on Jun 14, 2014
  1. @sykesm

    Support icmp rules with warden net_out

    sykesm authored Joseph Palermo committed
    Signed-off-by: Joseph Palermo <>
Commits on Jun 13, 2014
  1. @sykesm

    Add network range and protocol support to net_out

    sykesm authored
    Signed-off-by: James Myers <>
    Signed-off-by: Joseph Palermo <>
Commits on Jun 9, 2014
  1. @ematpl @sykesm

    Lock rspec at ~> 2.11

    ematpl authored sykesm committed
    RSpec 3 is out and we're picking it up in our CI builds.  Locking an older
    version to avoid the deprecation warnings and other issues associated with
    using the new rspec.
    We've explicitly chosen 2.11 as 2.14 also issues deprecation warnings that we
    don't intend to address at this time.
    Signed-off-by: Matthew Sykes <>
  2. @ematpl @sykesm

    Update yajl-ruby

    ematpl authored sykesm committed
    Signed-off-by: Matthew Sykes <>
Commits on Jun 4, 2014
  1. @jfmyers9 @sykesm

    Merge remote-tracking branch 'origin/pr/56'

    jfmyers9 authored sykesm committed
    Signed-off-by: Matthew Sykes <>
Commits on May 16, 2014
  1. @jfoley

    switch to using garden to avoid using pkill

    jfoley authored dmitriy kalinin committed
    Signed-off-by: dmitriy kalinin <>
Commits on Apr 16, 2014
  1. @fraenkel
Commits on Apr 11, 2014
  1. @sykesm

    Sync fs and move image deletion after loop detach

    sykesm authored
    The warden tests frequently fail under VMware due to an error detatching
    a loop device that was associated with a mounted disk image:
      loop: can't delete device /dev/loop0: Device or resource busy
    In order to reduce the likelihood of the problem, a `sync` was added
    before the detach and the deletion of the image file was moved until
    after the detach.  After repeated runs with these modifications, I have
    not seen the failures occur.
Something went wrong with that request. Please try again.