Vendoring libnetwork commit: 8fb0a8bc9e3166216ca3da2d0bb15332f6685745
- Fixes breakage in k/v store handling logic in experimental
- Adds back all the fixes that went in 1.7.1 to master
- Change VXLAN port in overlay driver to IANA assigned port
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: c6dc6bcbb8d7e9caa0ef9e75e4d223cf310dad9f
Component: engine
When a container is started with `--net=host` with
a particular name and it is subsequently destroyed,
then all subsequent creations of the container with
the same name will fail. This is because in `--net=host`
the namespace is shared i.e the host namespace so
trying to destroy the host namespace by calling
`LeaveAll` will fail and the endpoint is left with
the dangling state. So the fix is, for this mode, do
not attempt to destroy the namespace but just cleanup
the endpoint state and return.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: 9bb69f9726e7f8cba0cdf681e5060e47b9c45298
Component: engine
- brings in vxlan based native multihost networking
- added a daemon flag required by libkv for dist kv operations
- moved the daemon flags to experimental
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 508065a7adc84e5e63f47b00c379dad6a79d3c5e
Component: engine
This commit also brings in the ability to specify a default network and its
corresponding driver as daemon flags. This helps in existing clients to
make use of newer networking features provided by libnetwork.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: da5a3e6dee80f1f5d4059851e4762ffb0484f7e9
Component: engine
This PR brings the vendored libnetwork code to
3be488927db8d719568917203deddd630a194564, which pulls in quite a few
fixes to support kvstore, windows daemon compilation fixes,
multi-network support for Bridge driver, etc...
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 083300168fb0f42e022e9fa2ce47a7b2aac9967a
Component: engine
allows to send container logs to Graylog or Logstash.
Signed-off-by: Marius Sturm <marius@graylog.com>
Upstream-commit: 96d06e106fb9e35e5a526054d3aa0152152a9cc4
Component: engine
It includes fix for mounting / as volume on SELinux.
docker/libcontainer#619
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 38acd31e8a99ef043f9a5cf84f968ebebc31614e
Component: engine
When the daemon is going down trigger immediate
garbage collection of libnetwork resources deleted
like namespace path since there will be no way to
remove them when the daemon restarts.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: c68e7f96f9636a9b2ab0c2c0dbf753161fa73fc2
Component: engine
To ensure manifest integrity when pulling by digest, this changeset ensures
that not only the remote digest provided by the registry is verified but also
that the digest provided on the command line is checked, as well. If this check
fails, the pull is cancelled as with an error. Inspection also should that
while layers were being verified against their digests, the error was being
treated as tech preview image signing verification error. This, in fact, is not
a tech preview and opens up the docker daemon to man in the middle attacks that
can be avoided with the v2 registry protocol.
As a matter of cleanliness, the digest package from the distribution project
has been updated to latest version. There were some recent improvements in the
digest package.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 06612cc0fee103bf6f46429e3cd572725ef72948
Component: engine
This version brings in upto-date important bug-fixes from libnetwork
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: a3d22c764cfc3e175cdfb992f3b2314f23540236
Component: engine
If a container was started with a non-root user the container
may not be able to resolve DNS names because of too restrictive
permission in the /etc/resolv.conf container file. This problem
is in how this file gets created in libnetwork and ths PR
attempts to fix the issue by vendoring in the libnetwork code
with the fix.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: afd901e408d8d4ed00707c545ae985bc637a1979
Component: engine
It adds List function for listing all supported caps
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 5a2d592c27e93cf7f3d01216cf6e22656330fe84
Component: engine
Previously, we've taken advantage of the fact that libcontainer's `update-vendor.sh` is the same syntax as Docker's `vendor.sh` with some shell magic. This changes that to copy libcontainer's dependencies into this file explicitly so that we can scale to more projects with varying methods of vendoring (assuming they don't use import re-writing, which screws up everyone).
We'll need to stay diligent in making sure this list matches what's in libcontainer's `update-vendor.sh` (minus the not-required codegangsta/cli dep), but that's a fair trade-off for being able to scale our dependency model better (and track new discrete dependencies more directly).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: b919dee8347a47763d576136254bcbc922ef4c57
Component: engine
To help avoid version mismatches between libcontainer and Docker, this updates libcontainer to be the source of truth for which version of logrus the project is using. This should help avoid potential incompatibilities in the future, too. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 80a895142e7101b44ff71910bb2da994b1cc4f5f
Component: engine
This includes a fix for the minor v2 API change introduced by 341a37095f. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: b447fef7ecb740bc0f9ece75e10926fc5f121b5c
Component: engine
