Linux kernel 4.3 and later supports "ambient capabilities" which are the
only way to pass capabilities to containers running as a non root uid.
Previously there was no way to allow containers not running as root
capabilities in a useful way.
Fix#8460
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 199e19548e93262ab00873c1d761b0d05f866042
Component: engine
While look at #27039 I noticed that we allow for whitespace after
the continuation char (\\) which is wrong. It needs to be the very
last char in the line.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 105bc63295a7126798d3722a0e205c5ead4e2b1c
Component: engine
- Do not create the default "bridge" network
- Get rid of the docker0 bridge
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: a0af884d3a499460bdb8b41bc7cd61b1a56e6d22
Component: engine
validate service parameter in client side to avoid api call in `docker service scale`
Upstream-commit: 4fabc92cfc0670851851ebfb0f12d037059e6be1
Component: engine
No substantial code change.
- Api --> API
- Cli --> CLI
- Http, Https --> HTTP, HTTPS
- Id --> ID
- Uid,Gid,Pid --> UID,PID,PID
- Ipam --> IPAM
- Tls --> TLS (TestDaemonNoTlsCliTlsVerifyWithEnv --> TestDaemonTLSVerifyIssue13964)
Didn't touch in this commit:
- Git: because it is officially "Git": https://git-scm.com/
- Tar: because it is officially "Tar": https://www.gnu.org/software/tar/
- Cpu, Nat, Mac, Ipc, Shm: for keeping a consistency with existing production code (not changable, for compatibility)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: 7fb7a477d79c67ab53c432977780662ccbfeec57
Component: engine
This fix tries to address the issue raised in 27021 where
HTML strings like (`&, >, <, etc`) in environmental variables
are escaped for JSON output for `docker inspect`. For example,
`TEST_ENV="soanni&rtr"` has been escaped to `TEST_ENV="soanni\u0026rtr"`
This fix disabled HTML escaping with `SetEscapeHTML`, which is available
since golang 1.7.0. This changes will be applied to all JSON output
that utilize `httputils.WriteJSON`.
An integration test has been added to cover the changes.
This fix fixes 27021.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 0fa20ad13b0b5c6d1bf8a8285717c07697d079ba
Component: engine
Test can miss Starting state, so wait until its Running
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 2de05de98dc096de9e774aa5b520ab8f6862de0c
Component: engine
This makes it easier to list containers that are part of a task
(swarm mode) and those who are not.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 5280ba83e55b94b9d4973a15381e18eb10920233
Component: engine
This fix tries to address the issue related to 24108 and 24790, and
also the case from 24620#issuecomment-233715656
The reason for the failure case in the above mentioned issues is that
currently Task names are actually indexed by Service Name
(`e.ServiceAnnotations.Name`)
To fix it, a pull request in swarmkit (swarmkit/pull/1193) has been
opened separately.
This fix adds the integration tests for the above mentioned issues.
Swarmkit revendoring is needed to completely fix the issues.
This fix fixes 24108.
This fix fixes 24790.
This fix is related to 24620.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: f676fc93c3791f72938a6be9c7517ac620c02d1c
Component: engine
This fix tries to address the issue raised in 24538
where the error message is unclear when removing pre-defined networks:
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = 4vlxuzpk8bxdsxpyvkxluol5g is a pre-defined network and cannot be removed
```
This fix improve the error message so that if network's name is specified
in the `RemoveNetwork`, then error message will contain the name and the ID
(instead of just an ID):
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = ingress (4vlxuzpk8bxdsxpyvkxluol5g) is a pre-defined network and cannot be removed
```
An integration test has been added to cover the changes.
This fix fixes 24538.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: de4871165b43ec813940858a1c96ab6bb1fbd776
Component: engine
The daemon is in a separate (dockerd) binary
since docker 1.12, so should no longer be
used.
This marks the command as deprecated, and
adds it to the deprecated features list.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: bf58dd82c31bb3a71916eec743d0560e360c6e08
Component: engine
