Update "tini --version" parsing to be more forgiving of Tini's output format (release build vs git build)
Upstream-commit: d9c4261964fc4c93d2e34de650a33936ebbf7f9c
Component: engine
Currently these fields are included in the response JSON with zero
values. It's better not to include them if the information is
unavailable (for example, on a worker node).
This turns Cluster into a pointer so that it can be left out.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 3894254dddc56bf283d7361dc88953a167a3be1f
Component: engine
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
perfect the test case for 'discoveryOpts'
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
Upstream-commit: fb2bc3521069b55bbb342305e533e78682fbcc65
Component: engine
When sending a bad URL in the fromSrc parameter using cURL
the response will have status code 200 while it should have 404
or 500 (depends on the error).
This commit addresses this problem in the following ways:
* Before, `src` was parsed using url.Parse and if the
returned `url.Scheme` was empty it was set to 'http'
and `url.Host` was set to `src`.
This is bad because if `src` was 'web.com/tars/image1.tar'
The `url.String()` returns 'web.com%2Ftars%2Fimage1.tar`
which will cause the daemon to fail downloading the file
* Before writing the "Downloading" message, the image
is attempted to be downloaded and if there is no error
the "Downloading" message is sent.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Upstream-commit: e050f1760dd8a3d48d95bb3d2de503fc4177ff5f
Component: engine
When the daemon is configured to run with an authorization-plugin and if
the plugin is disabled, the daemon continues to send API requests to the
plugin and expect it to respond. But the plugin has been disabled. As a
result, all API requests are blocked. Fix this behavior by removing the
disabled plugin from the authz middleware chain.
Tested using riyaz/authz-no-volume-plugin and observed that after
disabling the plugin, API request/response is functional.
Fixes#31836
Signed-off-by: Anusha Ragunathan <anusha.ragunathan@docker.com>
Upstream-commit: 38de272bd4dfea945985b7031cd353ac5f6507c5
Component: engine
If a caller specifies an SELinux type or MCS Label and still wants to
share an IPC Namespace or the host namespace, we should allow them.
Currently we are ignoring the label specification if ipcmod=container
or pidmode=host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Upstream-commit: 881e20ee0be4bf048fb3b7e7f4c12b076a1607bb
Component: engine
Fix#31350
As we can see in `daemon.Images()`, there is a gap between
`allImages = daemon.imageStore.Map()` and `l, err :=
daemon.layerStore.Get(layerID)`, so images which still exist when we hit
`allImages = daemon.imageStore.Map()` may have already been deleted when we hit
`l, err := daemon.layerStore.Get(layerID)`.
```
if danglingOnly {
allImages = daemon.imageStore.Heads()
} else {
allImages = daemon.imageStore.Map()
}
...
for id, img := range allImages {
...
layerID := img.RootFS.ChainID()
var size int64
if layerID != "" {
l, err := daemon.layerStore.Get(layerID)
if err != nil {
return nil, err
}
```
Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
Upstream-commit: 2b9694c29e3bbbce23f0c4009f908a23c115c598
Component: engine
This fix tries to address the request in 31325 by adding
`--filter mode=global|replicated` to `docker service ls`.
As `docker service ls` has a `MODE` column by default, it is natural
to support `--filter mode=global|replicated` for `docker service ls`.
There are multiple ways to address the issue. One way is to pass
the filter of mode to SwarmKit, another way is to process the filter
of mode in the daemon.
This fix process the filter in the daemon.
Related docs has been updated.
An integration test has been added.
This fix fixes 31325.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 43a1bd564b5dbd835631cda102f68286c0d533e9
Component: engine
