The stime syscall is a legacy syscall on some architectures
to set the clock, should be blocked as time is not namespaced.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 6300a08be905969b16197f6a82a3d0d99a3f99cd
Component: engine
clock_adjtime is the new posix style version of adjtime allowing
a specific clock to be specified. Time is not namespaced, so do
not allow.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 0e5c43cddad304301ca8a82f652e15f75ee68cfe
Component: engine
This is a new version of init_module that takes a file descriptor
rather than a file name.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 0d5306a0b69c912a981f3a4bd41b80beb1207851
Component: engine
The original umount syscall without flags argument needs to
be blocked too.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 9be0d93cf74d1bb31c401f1154abc773af31cbd6
Component: engine
It's used for updating properties of one or more containers, we only
support resource configs for now. It can be extended in the future.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 8799c4fc0feadede6ae60e77bd7d9dfd7cc72a79
Component: engine
Cleanup does not happen if retErr is not set on return
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 54f8ba7e9e496ae58c15eddb084fbd51418ab197
Component: engine
When a container is created it is registered before the mount is created. This can lead to mount does not exist errors when inspecting between create and mount.
Fixes#18753
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d8e090669ed4d9b27206d7f8797c01ed4b2cd20f
Component: engine
RWLayer will now have more operations and be protected through a referenced type rather than always looked up by string in the layer store.
Separates creation of RWLayer (write capture layer) from mounting of the layer.
This allows mount labels to be applied after creation and allowing RWLayer objects to have the same lifespan as a container without performance regressions from requiring mount.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d04fa49a0dec89d2f71a813ce8eaa182184139c5
Component: engine
Add filter support for `network ls` to hide predefined network,
then user can use "docker network rm `docker network ls -f type=custom`"
to delete a bundle of userdefined networks.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 26dd026bd70c9c18a16b0e339821c309e56d8ff0
Component: engine
We keep only one logic to test event related behavior that will help us
diagnose flacky event errors.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: af51df20bdd9962b1aaa79819cafefc715290d28
Component: engine
- Make the API client library completely standalone.
- Move windows partition isolation detection to the client, so the
driver doesn't use external types.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 7ac4232e70fe7cf7318333cd0890db7f95663079
Component: engine
This is a very docker concept that nobody elses need.
We only maintain it to keep the API backwards compatible.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: f9b857a200696b07b67e6a7f94ede32487f5649d
Component: engine
1. It's a cgroup api, fit the general defination that we take
cgroup options as kind of resource options.
2. It's common usage and very helpful as explained here:
https://github.com/docker/docker/pull/18270#issuecomment-160561316
3. It's already in `Resource` struct in
daemon/execdriver/driver_unix.go
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 8498ed73f7b35da807b5d5dcf532114c7b3df52d
Component: engine
Move connection hijacking logic to the daemon.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: af94f941df9ee43b61e0e8f9d3c3b3962597eff6
Component: engine
The loopback logic is not technically exclusive to the devicemapper
driver. This reorganizes the code such that the loopback code is usable
outside of the devicemapper package and driver.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: af597527121c0ad973e9d0ae4f9cf970da1513cc
Component: engine
