jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
406 Commits 33 Branches 583 Tags
6ca040149cdcc47447d232fd3ede8d44de838fcd
Commit Graph

35 Commits

Author SHA1 Message Date
Girish Ramakrishnan
3837bee51f retry pulling image 
fixes #497
 2015-09-29 12:47:03 -07:00
Girish Ramakrishnan
185b574bdc Add custom apparmor profile for cloudron apps 
Docker generates an apparmor profile on the fly under /etc/apparmor.d/docker.
This profile gets overwritten on every docker daemon start.

This profile allows processes to ptrace themselves. This is required by
circus (python process manager) for reasons unknown to me. It floods the logs
with
    audit[7623]: <audit-1400> apparmor="DENIED" operation="ptrace" profile="docker-default" pid=7623 comm="python3.4" requested_mask="trace" denied_mask="trace" peer="docker-default"

This is easily tested using:
    docker run -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) journalctl should show error log as above

    docker run --security-opt=apparmor:docker-cloudron-app -it cloudron/base:0.3.3 /bin/bash
        a) now do ps
        b) no error!

Note that despite this, the process may not have ability to ptrace since it does not
have CAP_PTRACE. Also, security-opt is the profile name (inside the apparmor config file)
and not the filename.

References:
    https://groups.google.com/forum/#!topic/docker-user/xvxpaceTCyw
    https://github.com/docker/docker/issues/7276
    https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869

This is an infra update because we need to recreate containers to get the right profile.

Fixes #492
 2015-09-21 11:01:44 -07:00
Girish Ramakrishnan
a89726a8c6 Add custom debug.formatArgs to remove timestamp prefix in logs 
Fixes #490

See also:
https://github.com/visionmedia/debug/issues/216
 2015-09-21 09:05:14 -07:00
Girish Ramakrishnan
2f141cd6e0 Make the times absurdly high but that is how long in takes 2015-09-15 18:56:25 -07:00
Girish Ramakrishnan
998ac74d32 oldConfig.location can be null 
If we had an update, location is not part of oldConfig. if we now do
an infra update, location is undefined.
 2015-09-15 18:08:29 -07:00
Girish Ramakrishnan
e70c9d55db apptask: retry for external error as well 2015-09-14 21:45:27 -07:00
Girish Ramakrishnan
4e331cfb35 retry registering and unregistering subdomain 2015-09-08 12:51:25 -07:00
Johannes Zellner
f87011b5c2 Also always check for dns propagation 2015-08-30 17:00:23 -07:00
Johannes Zellner
7f149700f8 Remove wrong optimization for subdomain records 2015-08-30 16:54:33 -07:00
Johannes Zellner
e31e5e1f69 Reuse dnsRecordId for record status id 2015-08-30 15:58:54 -07:00
Johannes Zellner
31d9027677 Query dns status with aws statusId 2015-08-30 15:51:33 -07:00
Johannes Zellner
9074bccea0 Move subdomain management from appstore to box 2015-08-30 15:29:14 -07:00
Girish Ramakrishnan
848b745fcb Fix boolean logic 2015-08-25 12:24:02 -07:00
Girish Ramakrishnan
1f1e6124cd oldConfig can be null during a restore/upgrade 2015-08-25 09:59:44 -07:00
Girish Ramakrishnan
dd80a795a0 Read memoryLimit from manifest 2015-08-24 22:44:35 -07:00
Girish Ramakrishnan
dd6b8face9 Set app memory limit to 200MB (includes 100 MB swap) 2015-08-24 21:58:19 -07:00
Girish Ramakrishnan
4ab84d42c6 Delete image only if it changed 
This optimization won't work if we have two dockerImage with same
image id....
 2015-08-19 14:24:32 -07:00
Girish Ramakrishnan
361be8c26b containerId can be null 2015-08-18 15:43:50 -07:00
Girish Ramakrishnan
4db9a5edd6 Clean up the old image and not the current one 2015-08-18 10:01:15 -07:00
Girish Ramakrishnan
a6a3855e79 Do not remove icon for non-appstore installs 
Fixes #466
 2015-08-17 19:37:51 -07:00
Girish Ramakrishnan
2386545814 Add a note why oldConfig can be null 2015-08-17 10:05:07 -07:00
Girish Ramakrishnan
33ac34296e CpuShares is part of HostConfig 2015-08-12 23:47:35 -07:00
Johannes Zellner
d12f260d12 Prevent accessing oldConfig if it does not exist 2015-08-12 21:17:52 +02:00
Girish Ramakrishnan
c125cc17dc Apps must only get 50% less cpu than system processes when there is a contention for cpu 2015-08-11 17:00:48 -07:00
Girish Ramakrishnan
f6df4cab67 Remove ADMIN_ORIGIN 2015-08-05 17:27:55 -07:00
Johannes Zellner
3d8b90f5c8 Redirect on app error to webadmin appstatus page 
Part of #436
 2015-07-28 13:46:58 +02:00
Girish Ramakrishnan
3f732abbb3 Add debugs 2015-07-20 11:05:30 -07:00
Girish Ramakrishnan
1af3397898 Disable removeIcon is apptask for now 2015-07-20 11:01:52 -07:00
Girish Ramakrishnan
0d89612769 unusedAddons must be an object, not an array 2015-07-20 10:50:44 -07:00
Girish Ramakrishnan
17b1f469d7 Handle forced updates 2015-07-20 10:09:02 -07:00
Girish Ramakrishnan
1e67241049 Return error on unknown installation command 2015-07-20 10:03:55 -07:00
Girish Ramakrishnan
173efa6920 Leave note on when lastBackupId can be null 2015-07-20 09:54:17 -07:00
Girish Ramakrishnan
0285562133 Revert the manifest and portBindings on a failed update 
Fixes #443
 2015-07-20 09:48:31 -07:00
Girish Ramakrishnan
26fbace897 During an update backup the old addons 
Fixes #444
 2015-07-20 00:50:36 -07:00
Girish Ramakrishnan
df9d321ac3 app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:10:36 -07:00