This test appears to trigger HTTP requests to "example.com", which may
explain why it is not behaving consistently. This changes it to use an
internal HTTP server to avoid unexpected behavior caused by firewalls or
proxies.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: b483e4f09c128c2fabf82f787c0cf737c17c9c10
Component: engine
These replace `wait*` functions from `docker_utils_test.go` and work
more or less like other `cli` functions.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: db35c2a5a8d93cfeac9e75a3add60ae7c64a5856
Component: engine
Addresses part of #32140, in particular:
- this will make it so that double backslashes in double-quoted
strings will result in a single backslash. While in single quotes it remains
a double backslash.
- missing closing " and ' will now generate an error
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 2fb7c3c4f0b2fe15e279729a87c465df4fa70879
Component: engine
This changes the long-standing bug of copy operations not preserving the
UID/GID information after the files arrive to the container.
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
Upstream-commit: 8a7ff5ff746a77e0be601c11540562341b2228c1
Component: engine
Remove commented code blocks
Remove some duplication in comparing and restructuring env
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: c7fad9b750f8f143a22cc5a85a1dc26573025414
Component: engine
… and continue emptying `docker_utils_test.go` from build related function.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 56fb4653e8b867802d2a33121f933d164a4e6325
Component: engine
When a container was being destroyed was possible to have
flows in conntrack left behind on the host.
If a flow is present into the conntrack table, the packet
processing will skip the POSTROUTING table of iptables and
will use the information in conntrack to do the translation.
For this reason is possible that long lived flows created
towards a container that is destroyed, will actually affect
new flows incoming to the host, creating erroneous conditions
where traffic cannot reach new containers.
The fix takes care of cleaning them up when a container is
destroyed.
The test of this commit is actually reproducing the condition
where an UDP flow is established towards a container that is then
destroyed. The test verifies that the flow established is gone
after the container is destroyed.
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: 1c4286bcffcdc6668f84570a2754c78cccbbf7e1
Component: engine
This adds a new parameter insertDefaults to /services/{id}. When this is
set, an empty field (such as UpdateConfig) will be populated with
default values in the API response. Make "service inspect" use this, so
that empty fields do not result in missing information when inspecting a
service.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 1d274e9acfe96b98be3ec956636ff4e5c70e98af
Component: engine
Service logs API is now stable. Service logs now support all features,
except retrieving details provided to the log driver.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 306cfecc8c146ea8addb44dd35296808b25916a2
Component: engine
This updates the versions of the frozen images used to their current
version. The original reason for updating these images was to make sure
they are not affected by [CVE-2016-1252 / DSA-3733-1](https://lwn.net/Articles/709119/),
which is fixed in apt 1.0.9.8.4 and up.
Note that `CVE-2016-1252` won't affect our test-suite, because no packages
are installed during out tests. It is just "good practice" to keep these
images up to date.
The `debian:jessie`, and `buildpack-deps:jessie` in `Dockerfile.s390x`,
and `Dockerfile.armhf` have not been updated in this patch, because
those images have not yet been updated to contain apt 1.0.9.8.4.
While working on this, the `busybox` and `hello-world` were also updated
to their latest version.
Also removes a reference to `hack/make/.ensure-frozen-images`, which
was removed in ff91276d1f5beab5582d9ca582ee01af13198333.
The new busybox image has one layer less than the original,
so updated `TestBuildSquashParent` to take that into account.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 1ecd8ed5186a161c1c43ae7c99b1c81b97188619
Component: engine
Logging plugins use the same HTTP interface as other plugins for basic
command operations meanwhile actual logging operations are handled (on
Unix) via a fifo.
The plugin interface looks like so:
```go
type loggingPlugin interface {
StartLogging(fifoPath string, loggingContext Context) error
StopLogging(fifoPath)
```
This means a plugin must implement `LoggingDriver.StartLogging` and
`LoggingDriver.StopLogging` endpoints and be able to consume the passed
in fifo.
Logs are sent via stream encoder to the fifo encoded with protobuf.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 27bd6842f8518780b99fdb42f8e7f84c17856d87
Component: engine
When container's status is running, shell command may have not
executed end. So if we use 'docker exec -u test' to execute
command, it may fail since user 'test' have not be added yet.
Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
Upstream-commit: c7c6167bcad5133dc94f7173cb40f3d974ef8a36
Component: engine
Resolve networks IDs on the client side.
Avoid filling in deprecated Spec.Networks field.
Sort networks in the TaskSpec for update stability.
Add an integration test for changing service networks.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0f2669a63834844fb0ef5c017f517d8c321ad3c7
Component: engine
Add MetaArgs for ARG that occur before the first FROM
Integration test for these cases.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 239c53bf836174108dbae445a394a290f5fe2898
Component: engine
Paths resolving to c:\ or c:\windows are forbidden
Replaced the obscure (and non-working) regex with a simple case
insensitive comparison to the black listed paths (we should forbid c:\,
c:\windows but not d:\)
Also, add a test ensuring paths are case insensitive on windows
Also, made sure existing multi-staged build tests pass on windows
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Upstream-commit: b0e75888738f6e427b545922a195837c00158749
Component: engine
Refactor container logs system to make communicating log messages
internally much simpler. Move responsibility for marshalling log
messages into the REST server. Support TTY logs. Pave the way for fixing
the ambiguous bytestream format. Pave the way for fixing details.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: 1044093bb0aa12eb8972361a93b9bc8c4ddd857b
Component: engine
This fix tries to address the issue raised in 31032 where it was
not possible to specify `--cpus` for `docker update`.
This fix adds `--cpus` support for `docker update`. In case both
`--cpus` and `--cpu-period/--cpu-quota` have been specified,
an error will be returned.
Related docs has been updated.
Integration tests have been added.
This fix fixes 31032.
This fix is related to 27921, 27958.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 61022436926a8d0c92068e8116a2ad77f43eb6d6
Component: engine
Improve test coverage of ReplaceFileTarWrapper()
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 8cd6c30a489f7a0210526b0f94469c525ba8e0ee
Component: engine
This fix tries to address the issue raised in 29999 where it was not
possible to mask these items (like important non-removable stuff)
from `docker system prune`.
This fix adds `label` and `label!` field for `--filter` in `system prune`,
so that it is possible to selectively prune items like:
```
$ docker container prune --filter label=foo
$ docker container prune --filter label!=bar
```
Additional unit tests and integration tests have been added.
This fix fixes 29999.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 702524732427ce028277f99f215e1fab297e6001
Component: engine
Heavily based on implementation by David Sheets
Signed-off-by: David Sheets <sheets@alum.mit.edu>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f6dc81e10b8b813fffaa9b4167a60c5a507fa38
Component: engine
Allowing the retries to go up to 10 causes the test to always
hit the check against ensuring the retry wait went up to 15 seconds.
Additionally we have the max download attempts in the code set to
5. This change did not protect against using this test to expose
a problem in the underlying code. Remove checks for retry since
there may be additional requests before the upload.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5ff82cffeeecfb452a9bc1f1ff5d4f5eb3c8e55b
Component: engine
