Since Go 1.7, s390x uses upstream Go, so we have no reason to
support gccgo any more.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: eda90f63446253f97d2011926555306f2417d208
Component: engine
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 93bbc76ee53240e0862c6f1ff409e7a4ee0883dc
Component: engine
schema1 manifests is not working on ARM64, we should skip integration-cli
tests for schema1 manifests on ARM64.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 9c1566a1dfa3eccd12e09a3e2cbda60503600d44
Component: engine
To implement seccomp for s390x the following changes are required:
1) seccomp_default: Add s390 compat mode
On s390x (64 bit) we can run s390 (32 bit) programs in 32 bit
compat mode. Therefore add this information to arches().
2) seccomp_default: Use correct flags parameter for sys_clone on s390x
On s390x the second parameter for the clone system call is the flags
parameter. On all other architectures it is the first one.
See kernel code kernel/fork.c:
#elif defined(CONFIG_CLONE_BACKWARDS2)
SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags,
int __user *, parent_tidptr,
So fix the docker default seccomp rule and check for the second
parameter on s390/s390x.
3) seccomp_default: Add s390 specific syscalls
For s390 we currently have three additional system calls that should
be added to the seccomp whitelist:
- Other architectures can read/write unprivileged from/to PCI MMIO memory.
On s390 the instructions are privileged and therefore we need system
calls for that purpose:
* s390_pci_mmio_write()
* s390_pci_mmio_read()
- Runtime instrumentation:
* s390_runtime_instr()
4) test_integration: Do not run seccomp default profile test on s390x
The generated profile that we check in is for amd64 and i386
architectures and does not work correctly on s390x.
See also: 75385dc216e ("Do not run the seccomp tests that use
default.json on non x86 architectures")
5) Dockerfile.s390x: Add "seccomp" to DOCKER_BUILDTAGS
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: bf2a577c131d8998eb6ecac986d80e1289e6c801
Component: engine
For test that should be exclusively run only in regular daemon builds
and not in the experimental version, add a requirement.
Verified using TestCleanupMountsAfterDaemonKill.
- On regular daemon, the test ran.
- On experimental daemon, the test skipped.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: c7076d26709f3fa277bd11e1dffdc8fc7833d38e
Component: engine
and for which the tag conforms to path restrictions.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 497a58e6e48277bbee214d701e3d671eb8975797
Component: engine
This PR adds the "notary" binary requirement for tests.
Previously, NotaryHosting was checking for the "notary-server"
binary under the name notaryBinary. This renames that reference to
notaryServerBinary, so that notaryBinary can rightly refer
to the actual "notary" binary.
Currently only one test actually uses the notary binary, so it's been
updated accordingly.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: db700a678d1da4275553ff7201e2597c7a8016ee
Component: engine
On redhat based distribution, checking that USER_NS is compiled in the
kernel is not sufficient, we also have to check that the feature as
been enabled.
With this commit, it is now done by checking the content of
`/sys/module/user_namespace/parameters/enable`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 6cbff9505c992bd1e61ea7943737dac04ba665ea
Component: engine
This removes two tests on ppc64le.
There is an old bug with a syscall on power #8653, that causes
logrus to default to using logfmt. These two tests look for
logrus format specific strings, and fail if they don't see it.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 736e93a468fe8b8530ec5d00b9be7bbd53e306fc
Component: engine
Correctly passes the DOCKER_ENGINE_GOARCH env var
to the testing environment
Also fixes logic for skipping a test if on ARM.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: d12f4babdd08acd3cf64c2ee4a9550c81d534816
Component: engine
Each platform has only a driver now.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 157b66ad390902ef6f5b51b3f76d5177eacac81b
Component: engine
Added notary server to docker base image.
Created trust suite which runs trust server for running trusted commands.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 58a1de9b59594948df152f0003e759b77bcaa56a
Component: engine
It seems http://hub.docker.com is not accessible anymore, so switching
to https://hub.docker.com for testRequires(c, Network).
Adds a Timeout check on the TestRequirement to *panic* if there is a
timeout (fail fast).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6e4c6da81916e25081c32d3e5f8880ef4d03ad36
Component: engine
This patch adds tests for the `--ipv6` and `--fixed-cidr` daemon flags
Signed-off-by: Dave Tucker <dt@docker.com>
Upstream-commit: 2dfb7f3b7d66e49841cf07aa11943b74312222a3
Component: engine
It prints test name and duration for each test.
Also performs deleteAllContainers after each test.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: dc944ea7e48d11a2906e751d3e61daf08faee054
Component: engine
The overlay filesystem does not support inotify at this time. The
resolv.conf updater test was passing on overlay-based Jenkins because of
a fluke--because it was DIND, /etc/resolv.conf on the "host" was really
a bind-mounted resolv.conf from the outer container, which means a watch
directly on that file worked as it was not overlay backed. The new test
(from #10703) unmounts the bind-mounted copy to test create and modify
code-paths, which caused us to hit the issue.
This PR also adds a note to the docs about the lack of auto-update when
using the overlay storage driver.
See https://lkml.org/lkml/2012/2/28/223 for more info on inotify and
overlay.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 9057ca2541582fc41eb7cb45edd332247a813bba
Component: engine
Some pull/push tests are launching `registry-v2`
binary which is compiled and installed if the tests
are running in-container through `make test-integration-cli`.
However, registry is not supported to run on non-linux
platforms and we can't really spin up any registry-v2
containers in the remote DOCKER_TEST_HOST at this point.
Just skipping those with the new TestRequirement called
`RegistryHosting`.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: e2aa8f0cd984fbb31231240052e5505e1b1e3d2f
Component: engine
Skip tests based on remote daemon's exec support (to exclude
these tests from `make test` ran in LXC case). Makes use of
`test_no_exec` build tag passed by build scripts.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: 102e0611475c7267dd4d2a87044fcc40b2eddcc0
Component: engine
Skipping some of the tests closely tied to running in a
unix environment. Windows does not support chmod/chown
and this causes some tests to fail creating desired
behavior.
- `TestBuildWithInaccessibleFilesInContext`: uses chown/chmod
- `TestBuildDockerfileOutsideContext`: uses os.Symlink, not implemented on
windows
- `TestCpUnprivilegedUser`: uses chmod, and requires 'unprivilegeduser'
created by Dockerfile (and thus requires to run inside container)
- `TestBuildChownSingleFile`: uses chown
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: 492a58f05fe026653e27ed75d3ad4221f2e615b1
Component: engine
If DOCKER_CLIENTONLY is set for test-integration-cli, we don't set
the 'daemon' build tag. 'isRemoteDaemon' will help us skip such
tests without a need to move them to a separate file and accidentally
lose track of them.
Added `testRequires` function to skip tests based on predefined
conditions evaluated in runtime. This way we can easily extend test
requirements like:
testRequires(t, Networking, SameHostDaemon, Linux)
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Upstream-commit: bc37c036b568f9ae27a7aa457ec73d0c5c6a61cf
Component: engine
