From 53ed25d9b6a0141f19fc2e95be7cece5512846c1 Mon Sep 17 00:00:00 2001 From: Albin Kerouanton Date: Fri, 3 Feb 2023 11:39:40 +0100 Subject: [PATCH 1/4] Fix bad ThrottleDevice path Fixes moby/moby#44904. Signed-off-by: Albin Kerouanton (cherry picked from commit 56051b84b00fa6a2bda9775231d2209c76d39e03) Signed-off-by: Sebastiaan van Stijn --- opts/throttledevice.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/opts/throttledevice.go b/opts/throttledevice.go index 9fb788433b..789acf60fc 100644 --- a/opts/throttledevice.go +++ b/opts/throttledevice.go @@ -31,7 +31,7 @@ func ValidateThrottleBpsDevice(val string) (*blkiodev.ThrottleDevice, error) { } return &blkiodev.ThrottleDevice{ - Path: v, + Path: k, Rate: uint64(rate), }, nil } From 168f1b55e2026e3c9819484b52b62ab915705966 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Fri, 3 Feb 2023 17:49:12 -0500 Subject: [PATCH 2/4] cli/command/container: exit 126 on EISDIR error The error returned from "os/exec".Command when attempting to execute a directory has been changed from syscall.EACCESS to syscall.EISDIR on Go 1.20. https://github.com/golang/go/commit/2b8f21409480931b45c983853a78dc7984ed634e Consequently, any runc runtime built against Go 1.20 will return an error containing 'is a directory' and not 'permission denied'. Update the string matching so the CLI exits with status code 126 on 'is a directory' errors (EISDIR) in addition to 'permission denied' (EACCESS). Signed-off-by: Cory Snider (cherry picked from commit 9b5ceb52b0a1271c6d0668adeedc55869709317b) Signed-off-by: Sebastiaan van Stijn --- cli/command/container/run.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cli/command/container/run.go b/cli/command/container/run.go index dcf9dca9f2..f538c04a1d 100644 --- a/cli/command/container/run.go +++ b/cli/command/container/run.go @@ -308,7 +308,8 @@ func runStartContainerErr(err error) error { strings.Contains(trimmedErr, "no such file or directory") || strings.Contains(trimmedErr, "system cannot find the file specified") { statusError = cli.StatusError{StatusCode: 127} - } else if strings.Contains(trimmedErr, syscall.EACCES.Error()) { + } else if strings.Contains(trimmedErr, syscall.EACCES.Error()) || + strings.Contains(trimmedErr, syscall.EISDIR.Error()) { statusError = cli.StatusError{StatusCode: 126} } From 0cd15abfde20b97965168c1d054a313f8e9382a9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Feb 2023 13:28:11 +0100 Subject: [PATCH 3/4] vendor: github.com/containerd/containerd v1.6.16 no changes in vendored code full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5195db1ff5dc4a98bb5c92328884e1fb1e82c162) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index ba737bee6d..684000fd66 100644 --- a/vendor.mod +++ b/vendor.mod @@ -7,7 +7,7 @@ module github.com/docker/cli go 1.18 require ( - github.com/containerd/containerd v1.6.15 + github.com/containerd/containerd v1.6.16 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible github.com/docker/docker v23.0.0-rc.3+incompatible diff --git a/vendor.sum b/vendor.sum index f7278deef0..6c132be146 100644 --- a/vendor.sum +++ b/vendor.sum @@ -84,8 +84,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLoANrbses= -github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c= +github.com/containerd/containerd v1.6.16 h1:0H5xH6ABsN7XTrxIAKxFpBkFCBtrZ/OSORhCpUnHjrc= +github.com/containerd/containerd v1.6.16/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw= github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= diff --git a/vendor/modules.txt b/vendor/modules.txt index 162dd82240..a0172dc05f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -12,7 +12,7 @@ github.com/beorn7/perks/quantile # github.com/cespare/xxhash/v2 v2.1.2 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/containerd/containerd v1.6.15 +# github.com/containerd/containerd v1.6.16 ## explicit; go 1.17 github.com/containerd/containerd/errdefs github.com/containerd/containerd/log From 14aac2c232f23d8d1553c60ef4450be921a2d349 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Feb 2023 13:30:07 +0100 Subject: [PATCH 4/4] vendor: github.com/docker/docker v23.0.0 - client: improve error messaging on crash full diff: https://github.com/docker/docker/compare/v23.0.0-rc.3...v23.0.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit bbebebaedf079c5a145ef984ffe2f36abd7be8f1) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- .../docker/docker/client/container_wait.go | 23 +++++++++++++++++-- vendor/modules.txt | 2 +- 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/vendor.mod b/vendor.mod index 684000fd66..1b99ae790b 100644 --- a/vendor.mod +++ b/vendor.mod @@ -10,7 +10,7 @@ require ( github.com/containerd/containerd v1.6.16 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.0-rc.3+incompatible + github.com/docker/docker v23.0.0+incompatible github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.5.0 diff --git a/vendor.sum b/vendor.sum index 6c132be146..40d93ff77b 100644 --- a/vendor.sum +++ b/vendor.sum @@ -101,8 +101,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.0-rc.3+incompatible h1:97RCXK7nxN1YPlqb3z0+AoTE3rql4ck1CG5p9tlRD2o= -github.com/docker/docker v23.0.0-rc.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.0+incompatible h1:L6c28tNyqZ4/ub9AZC9d5QUuunoHHfEH4/Ue+h/E5nE= +github.com/docker/docker v23.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/github.com/docker/docker/client/container_wait.go b/vendor/github.com/docker/docker/client/container_wait.go index 9aff716132..2375eb1e80 100644 --- a/vendor/github.com/docker/docker/client/container_wait.go +++ b/vendor/github.com/docker/docker/client/container_wait.go @@ -1,14 +1,19 @@ package client // import "github.com/docker/docker/client" import ( + "bytes" "context" "encoding/json" + "errors" + "io" "net/url" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/versions" ) +const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */ + // ContainerWait waits until the specified container is in a certain state // indicated by the given condition, either "not-running" (default), // "next-exit", or "removed". @@ -46,9 +51,23 @@ func (cli *Client) ContainerWait(ctx context.Context, containerID string, condit go func() { defer ensureReaderClosed(resp) + + body := resp.body + responseText := bytes.NewBuffer(nil) + stream := io.TeeReader(body, responseText) + var res container.WaitResponse - if err := json.NewDecoder(resp.body).Decode(&res); err != nil { - errC <- err + if err := json.NewDecoder(stream).Decode(&res); err != nil { + // NOTE(nicks): The /wait API does not work well with HTTP proxies. + // At any time, the proxy could cut off the response stream. + // + // But because the HTTP status has already been written, the proxy's + // only option is to write a plaintext error message. + // + // If there's a JSON parsing error, read the real error message + // off the body and send it to the client. + _, _ = io.ReadAll(io.LimitReader(stream, containerWaitErrorMsgLimit)) + errC <- errors.New(responseText.String()) return } diff --git a/vendor/modules.txt b/vendor/modules.txt index a0172dc05f..e944751e46 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v23.0.0-rc.3+incompatible +# github.com/docker/docker v23.0.0+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types