Right now it redirects, so change it to the correct one.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 7c763b360a08f9a079fd041cbe38ab71efc3cd11
Component: engine
This adds ppc64le and s390x architectures to those supported
by hack/make/release-debs
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 9db1d16053b9c94586d4233a1f4067eede24947e
Component: engine
This fix is part of the discussion in 28199 about using
`truncate` to replace `--no-trunc`.
As part of the fix, a new function `truncate` has been
added for Go templates so that it is possible to use
```
docker stack services --format "{{truncate .ID 5}}: {{.Mode}} {{.Replicas}}"
```
to show truncated ID.
A unit test has been added.
This fix is related to 28199.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7fa8d5e064bad6d65348a69b623ebb2ecffdf248
Component: engine
This commit updates bash and zsh completion for flag `--read-only`
in `service create/update`.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 885e1f250a7ad46da33ab554b1d57d5e0a663618
Component: engine
This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.
This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.
Related docs has been updated.
Integration test has been added.
This fix fixes 29972.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 499a0dd43e50c6f253f8890f5c54ae99675b1e7e
Component: engine
Docker inspect "AppArmorProfile" field now shows "docker-default" when AppArmor is enabled and no other profile was defined
Upstream-commit: 61b2cda9f58a548bd62ac62c8896cfd7ccac6733
Component: engine
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
gofmt'd
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
change the function name to something more adequate and changed the behaviour to show empty value on an apparmor disabled system.
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
go fmt
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
Upstream-commit: d97a00dfd5ec884a98e087b1fc6e705459ca81e9
Component: engine
There is 5 calls left, that use StdinPipe that is not yet supported by
icmd.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ecbb0e62f66da7d698c4f4583f36b927d8cfa811
Component: engine
This fix updates SwarmKit to 78ae345f449ac69aa741c762df7e5f0020f70275
(from 037b4913929019d44bc927870bf2d92ce9ca261f)
The following issues in docker are related
- Can not update service in host publish mode (#30199) (fixed)
- Add `ReadonlyRootfs` in ContainerSpec for `--read-only` (#29972) (needed)
- Explicitly disallow network pluginv1 creation in swarm mode
(See discussion in docker/swarmkit/pull/1899, docker/swarmkit/pull/1894,
and docker/docker/pull/30332#issuecomment-274277948)
This fix fixes#30199
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 849816dd0fbd70d0e46567fffc7416b667bff9b5
Component: engine
These are arm variants with different argument ordering because of
register alignment requirements.
fix#30516
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: d6adcd6a82ba0997fcc123090711b5502da5cbfd
Component: engine
