Make sure btrfs mounted subvolumes are owned properly when a remapped
root exists (user namespaces are enabled, for example)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 72e65e87935e5b82de76a6ef9b8160900f4724b7
Component: engine
It's "/docker" for cgroupfs and "system.slice" for systemd.
Fix#19140
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: c1cd45d547ef26cf988dc72d456430361dafcf08
Component: engine
Makes `docker volume ls` and `docker volume inspect` ask the volume
drivers rather than only using what is cached locally.
Previously in order to use a volume from an external driver, one would
either have to use `docker volume create` or have a container that is
already using that volume for it to be visible to the other volume
API's.
For keeping uniqueness of volume names in the daemon, names are bound to
a driver on a first come first serve basis. If two drivers have a volume
with the same name, the first one is chosen, and a warning is logged
about the second one.
Adds 2 new methods to the plugin API, `List` and `Get`.
If a plugin does not implement these endpoints, a user will not be able
to find the specified volumes as well requests go through the drivers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: d3eca4451d264aac564594fe46b8c097bd85a5cc
Component: engine
Merge was used by builder and daemon. With this commit, the builder
call has been inlined and the function moved to the daemon package,
which is the only other caller.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: eb4ae8e28aa0baf28d6cde1079a5f9c618d475b2
Component: engine
dockerfile.Config is almost redundant with ImageBuildOptions.
Unify the two so that the latter can be removed. This also
helps build's API endpoint code to be less dependent on package
dockerfile.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 5190794f1d85d5406611eb69c270df62ac1cdc7f
Component: engine
This version is sometimes used eg by glibc on x86
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 822c4f79ab5c84d48bbdd5534cdfd98990cdcee7
Component: engine
In the default seccomp rule, allow use of 32 bit syscalls on
64 bit architectures, so you can run x86 Linux images on x86_64
without disabling seccomp or using a custom rule.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: ca3ae72e43a0e6ad2f4f548586110c2e296ae1e9
Component: engine
Instead of creating a "0.0" subdirectory and migrating graphroot
metadata into it when user namespaces are available in the daemon
(currently only in experimental), change the graphroot dir permissions
to only include the execute bit for "other" users.
This allows easy migration to and from user namespaces and will allow
easier integration of user namespace support into the master build.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: e8532023f20498e6eb1ce5c079dc8a09aeae3061
Component: engine
This is used on some 32 bit architectures, eg x86
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: d8e06d54cf3f6478ba85f60cca4a9b03bbc68f10
Component: engine
This is the newer verion of lseek on many 32 bit platforms
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 923609179b18fb5fc9d4ad7820646af7e09786a2
Component: engine
Being able to obtain a file handle is no use as we cannot perform
any operation in it, and it may leak kernel state.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: c1b57fc1c9e230b95c2c76d1eaca0e3622fc72d5
Component: engine
The parse.go file is used almost exclusively in the client. The few small
functions that are used outside of the client could easily be copied out
when the client is extracted, allowing this runconfig/opts package to
move to the client.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 2b7ad47bd2649c3f164e8b57b31fae313045c8f4
Component: engine
Fix declarations of of execdriver/native.NewDriver to have the same signature for all platforms
Upstream-commit: 0fff66977a5f4245aedc780acde319a587e945a7
Component: engine
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration
- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
configure the default escape keys for docker client.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 15aa2a663b47b6126a66efefcadb64edfbffb9f5
Component: engine
This change is done so that driver_unsupported.go and driver_unsupported_nocgo.go
declare the same signature for NewDriver as driver.go.
Fixes#19032
Signed-off-by: Lukas Waslowski <cr7pt0gr4ph7@gmail.com>
Upstream-commit: 9a03967f0abae4cc1dca00f339c58c31579c45b5
Component: engine
