those that were specified in the config. This commit also explicitly
adds a set of capabilities that we were silently not dropping and were
assumed by the tests.
Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
Upstream-commit: 9d6875d19d3926faf6287487234ad0b2f1310e9d
Component: engine
use path.IsAbs() instead of checking if first char is '/'
Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: ad35d522dbfac124225e27f58bf07c61a34d78b5
Component: engine
ideally it should never reach it, but there was already multiple issues with infinite loop
at following symlinks. this fixes hanging unit tests
Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: b51c366bfc963687b8cc14df614a2fc10bad6306
Component: engine
normally symlinks are created as either
ln -s /path/existing /path/new-name
or
cd /path && ln -s ./existing new-name
but one can create it this way
cd /path && ln -s existing new-name
this drives FollowSymlinkInScope into infinite loop
Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
Upstream-commit: 8b77a5b7aedb1168707f486ed540edf3e5de8819
Component: engine
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b22d10e3c541c46cebe7da44fd2f521c4bc653f4
Component: engine
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: b7c7b851dce28bb679e0289168da382d7cdad74b
Component: engine
All modern distros set up /run to be a tmpfs, see for instance:
https://wiki.debian.org/ReleaseGoals/RunDirectory
Its a very useful place to store pid-files, sockets and other things
that only live at runtime and that should not be stored in the image.
This is also useful when running systemd inside a container, as it
will try to mount /run if not already mounted, which will fail for
non-privileged container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 905795ece624675abe2ec2622b0bbafdb9d7f44c
Component: engine
If you specify a bind mount in a place that doesn't have a file yet we
create that (and parent directories). This is needed because otherwise
you can't use volumes like e.g. /dev/log, as that gets covered by the
/dev tmpfs mounts.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 70ef53f25e177e42046170ef59bb29ebd77a3016
Component: engine
This is a convenience for callers which are only interested in one value
per key. Similar to how HTTP headers allow multiple keys per value, but
are often used to store and retrieve only one value.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 2af030ab57d1d84ac9a1d22552dc9d83b16951c4
Component: engine
This introduces a superficial change to the Beam API:
* `beam.SendPipe` is renamed to the more accurate `beam.SendRPipe`
* `beam.SendWPipe` is introduced as a mirror to `SendRPipe`
There is no other change in the beam API.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 0aeff69e5900a15e3872494ac0009600f6c1c372
Component: engine
Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)
Upstream-commit: 7673e3c58938aa4179f3ec84ed4960b4b6267c14
Component: engine
This patch fixes the fact that the tests for pkg/networkfs/etchosts
couldn't build due to syntax errors.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 14f65ab83b4f72ea56b3e98023e941474d4e9dd8
Component: engine
