When 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
profiles") was merged, it didn't correctly handle the exec path if
AppArmor profiles were deleted. Fix this by duplicating the
ensureDefaultApparmorProfile code in the exec code.
Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 790a81ea9acce318d0e037771c253951b874140b
Component: engine
Right now getting logs from a service with an attached TTY does not
work. The behavior was undefined and caused the command to hang and
strange messages to occur in the daemon logs.
This returns errors, both deep in the swarmkit adapter (to guard against
undefined behavior, which is Bad) and in the daemon (to tell users that
the thing they're asking for is not possible).
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 37ae1ef0ffcf8605daeaf41440da774370377a6d
Component: engine
In https://github.com/torvalds/linux/commit/5ca3726 (released in v4.7-rc1) the
content of the `cpuacct.usage_percpu` file in sysfs was changed to include both
online and offline cpus. This broke the arithmetic in the stats helpers used by
`docker stats`, since it was using the length of the PerCPUUsage array as a
proxy for the number of online CPUs.
Add current number of online CPUs to types.StatsJSON and use it in the
calculation.
Keep a fallback to `len(v.CPUStats.CPUUsage.PercpuUsage)` so this code
continues to work when talking to an older daemon. An old client talking to a
new daemon will ignore the new field and behave as before.
Fixes#28941.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Upstream-commit: 115f91d7575d6de6c7781a96a082f144fd17e400
Component: engine
The response would never reach the client because it was being
redeclared in the current scope.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 9d127f8de3fa489b2c0d896dd9612f43e45f7cdd
Component: engine
Running the rm command on a paused/restarting container
will give an error message saying the container is running
which is incorrect.
To fix that, the error message will have the correct
container state and a procedure to remove it accordingly.
Notice: docker-py was bumped to:
4a08d04aef0595322e1b5ac7c52f28a931da85a5
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Upstream-commit: 0ec8f56a3d7f1413cdb3ae7711d518e99f9282e9
Component: engine
Since it was introduced no reports were made and lsof seems to cause
issues on some systems.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: eac66b67be0710322d0e21a67a55f5731be48f68
Component: engine
Server-side rollback can take advantage of the rollback-specific update
parameters, instead of being treated as a normal update that happens to
go back to a previous version of the spec.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: f9bd8ec8b268581f93095c5a80679f0a8ff498bf
Component: engine
--max-concurrent-downloads,--max-concurrent-uploads must great than or equal to 0
Upstream-commit: dc1b0e1b2c8483e0f2eaa28316be01aae6d6ae4a
Component: engine
When using `docker volume rm -f`, all errors were ignored,
and volumes where Purged, even if they were still in
use by a container.
As a result, repeated calls to `docker volume rm -f`
actually removed the volume.
The `-f` option was implemented to ignore errors
in case a volume was already removed out-of-band
by a volume driver plugin.
This patch changes the remove function to not
ignore "volume in use" errors if `-f` is used.
Other errors are still ignored as before.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9d521a4d2fbbeec0f672b986e294fd5f1c4d2f32
Component: engine
when doing devices.cancelDeferredRemoval, the device could have been removed
and return ErrEnxio, but it continue to check if it is need to do suspend.
doSuspend := devinfo != nil && devinfo.Exists != 0 uses a devinfo which is
get before devices.cancelDeferredRemoval(baseInfo), it is outdate, the device
has been removed and there is no need to do suspend. If do suspend it will return
devicemapper: Error running deviceSuspend dm_task_run failed.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 6e25bb2ed6560baec4b13930e673c88f1b49de34
Component: engine
… in order to remove duplication.
Each time we update a cluster object, we do some common
operations (lock, verify it's on a manager, get the request context,
and the update). This introduce a method and refactor few
update/remove method that allows to duplicate less code.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 250e05e42773a875d2fb8248b94fa72f2934a4b6
Component: engine
Removes some duplication in counter.go and proxy.go
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 2028d8698d95fb73f0c59a548b8f2adbdf5057a4
Component: engine
Both method are trying to detach the container from a cluster
network. The code is exactly the same, this removes the duplication.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: cb6832c6d34cdce33341c4f71ba8f22a23608c70
Component: engine
Some methods need to get a container *and* validate some conditon on
these (is the container running, …). The CheckContainer allows
to do that and helps remove some duplication.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 12485d62eeba27119260dc5eb54ac4fa83c3130b
Component: engine
endpointSpecFromGRPC and endpointFromGRPC do the exact same thing for
endpoint{,Spec}.Ports, let's extract that to a method.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: a620c0172c6f11c538b27a26fdb3e5cdd3bf2ff9
Component: engine
Refactor daemon.V4Subnets and daemon.V6Subnets to limit duplication
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 3c5932086af51f57c497690ce3cf18a906b700cf
Component: engine
This adds support for placement preferences in Swarm services.
- Convert PlacementPreferences between GRPC API and HTTP API
- Add --placement-pref, --placement-pref-add and --placement-pref-rm to CLI
- Add support for placement preferences in service inspect --pretty
- Add integration test
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 17288c611a4f3f75ecb3bbb4533820b1836c55a6
Component: engine
Before this change, doing service logs was just tossing the stream
selectors and always using the default (both streams). This change adds
a check for which streams the user wants and only includes those.
Fixes#31306
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: f63c62ce70d6ed4706dbde43feb22c6004c32061
Component: engine
I found that sometimes tasks would end up in a rejected state when
trying to update them quickly. The problem was that Shutdown could fail
if called before the container was started. Instead of returning an
error in this case, Shutdown should succeed. This allows tasks to
progress to the "shutdown" state as expected.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 37b492ae1b2ba5f84cd0b795dbc68804d7b2fec5
Component: engine
text does not appear to contain a placeholder
Signed-off-by: Helen Xie <chenjg@harmonycloud.cn>
Upstream-commit: 2a8d6368d4a930203b93f75914173ab65bf3b0bc
Component: engine
