Until volume plugins can be made aware of the remapped root,
interactions with volumes created by plugin will not work as the file
ownership denies permissions to the userns remapped range.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: b1ced2af03c5a8009c314bde80b5f2516e0522fd
Component: engine
This test is the API version of a docker_cli_run_test that was already
disabled from userns, but when ported to API didn't retain the same test
requirements. Specifically, a user namespaced process will not have
access to the host namespace's IPC devices and is already documented as
such in the user namespace restrictions docs.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: d9f3548a936991594095c12b7271ce3387f4025c
Component: engine
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: ebcb7d6b406fe50ea9a237c73004d75884184c33
Component: engine
These test cases cover various arguments for docker create/run --ipc
option, as well as daemon's --default-ipc-mode cli option and
configuration file parameter.
For the description of container IPC modes, see previous commit.
To run these:
TESTFLAGS='-check.f IpcMode' make test-integration-cli
[v2: simplify TestDaemonEvents(), add default-ipc-mode presense check]
[v3: add TestDaemonIpcModeVSRestart]
[v4: ipcmode test now uses client lib instead of CLI (except for exec)]
[v5: nitpicks in comments]
[v6: add test case for "none"; fix a typo; simplify TestDaemonEvents() more]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 9a60e1cc874402d10eb7e45f62cce25bf5c41d30
Component: engine
This adds a new package `integration` where `engine` integration tests
should live. Those integration tests should not depends on any `cli`
components (except from the `dockerd` daemon for now — to actually
start a daemon).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6b025a8b665f7b976bb2560488ba07f55dbf0fb6
Component: engine
Current insider builds of Windows have support for mounting individual
named pipe servers from the host to the guest. This allows, for example,
exposing the docker engine's named pipe to a container.
This change allows the user to request such a mount via the normal bind
mount syntax in the CLI:
docker run -v \\.\pipe\docker_engine:\\.\pipe\docker_engine <args>
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 54354db850664783918a1fc9d208bcfcf47c28e2
Component: engine
- When a network is created with the null ipam driver, docker api server
thread will deference a nil pointer on `docker network ls` and on
`docker network inspect <nw>`. This because buildIpamResource()
assumes a gateway address is always present, which is not correct.
Signed-off-by: Alessandro Boch <aboch@tetrationanalytics.com>
Upstream-commit: beebfc0cf6240c8af511eb4d7e29314c8de6ddf2
Component: engine
Steps to reproduce:
```
# docker run -tid --name aaa ubuntu
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
# docker run -tid --name bbb --link aaa ubuntu
23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471
# docker ps --no-trunc
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471
ubuntu "/bin/bash" 4 seconds ago Up 3 seconds
bbb
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
ubuntu "/bin/bash" 14 seconds ago Up 14
seconds aaa,bbb/aaa
# docker rm -f bbb
bbb
# docker ps --no-trunc
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
ubuntu "/bin/bash" 29 seconds ago Up 28
seconds aaa,bbb/aaa
# docker rm --link bbb/aaa
Error response from daemon: Cannot get parent /bbb for name /bbb/aaa
```
When we rm container `bbb`, we can still see `bbb/aaa` in `docker ps
--no-trunc`. And this link cannot be deleted since container `bbb` has
already been removed.
We should remove links of a container when it is deleted.
Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
Upstream-commit: 600ad5c1b7b736fba6b103eb99ec87efb050b9ec
Component: engine
Use the (new) plugin fixtures for plugin tests rather than pulling
plugins from hub.
This removes the restriction for platforms/archs since plugin binaries
get built in the test environment.
Future work would be to add test plugins for the various subsystems so
tests that are actually using plugins (e.g. volumes, networks) can be
ported to use the fixtures as well.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 15a538a627e1d0898862c9e6ca7472cd7fb517ce
Component: engine
When a container is paused, signals are sent once the container has been
unpaused.
Instead of forcing the user to unpause a container before they can ever
send a signal, allow the user to send the signals, and in the case of a
stop signal, automatically unpause the container afterwards.
This is much safer than unpausing the container first then sending a
signal (what a user is currently forced to do), as the container may be
paused for very good reasons and should not be unpaused except for
stopping.
Note that not even SIGKILL is possible while a process is paused,
but it is killed the instant it is unpaused.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: c3feb046b9b1eb606cc7e853d020799eb3800e0e
Component: engine
Changes most references of syscall to golang.org/x/sys/
Ones aren't changes include, Errno, Signal and SysProcAttr
as they haven't been implemented in /x/sys/.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
[s390x] switch utsname from unsigned to signed
per 33267e036f
char in s390x in the /x/sys/unix package is now signed, so
change the buildtags
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 069fdc8a083cb1663e4f86fe3fd9b9a1aebc3e54
Component: engine
Enables other subsystems to watch actions for a plugin(s).
This will be used specifically for implementing plugins on swarm where a
swarm controller needs to watch the state of a plugin.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 72c3bcf2a533a827402945e3a55872e2db4fb024
Component: engine
