Expand the godoc documentation for the graph package.
Centralize DefaultTag in the graphs/tag package instead of defining it
twice.
Remove some unnecessary "config" structs that are only used to pass
a few parameters to a function.
Simplify the GetParentsSize function - there's no reason for it to take
an accumulator argument.
Unexport some functions that aren't needed outside the package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: d4836cd7ec1c085c5a5caa7eb7f5eda4ace10eb6
Component: engine
Replaced github.com/docker/libcontainer with
github.com/opencontainers/runc/libcontaier.
Also I moved AppArmor profile generation to docker.
Main idea of this update is to fix mounting cgroups inside containers.
After updating docker on CI we can even remove dind.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: c86189d554ba14aa04b6314970d3699e5ddbf4de
Component: engine
As discussed in docker/libcontainer#616,
we should move this behavior to Docker side.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 7e0dfbf4cdbb8694a90818b5cd746b92e11a78c7
Component: engine
Move graph related functions in image to graph package.
Consolidating graph functionality is the first step in refactoring graph into an image store model.
Subsequent refactors will involve breaking up graph into multiple types with a strongly defined interface.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 2b58b677a54950bc78c13760ef79fe6284154847
Component: engine
Move some calls to container.LogEvent down lower so that there's
less of a chance of them being missed. Also add a few more events
that appear to have been missed.
Added testcases for new events: commit, copy, resize, attach, rename, top
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8232312c1e705753d3db82dca3d9bb23e59c3b52
Component: engine
Fixes a regression from the volumes refactor where the vfs graphdriver
was setting labels for volumes to `s0` so that they can both be written
to by the container and shared with other containers.
When moving away from vfs this was never re-introduced.
Since this needs to happen regardless of volume driver, this is
implemented outside of the driver.
Fixes issue where `z` and `Z` labels are not set for bind-mounts.
Don't lock while creating volumes
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: b2a43baf2e2cc68c83383a7524441f81bc4c4725
Component: engine
We should let user create container even if the container he wants
join is not running, that check should be done at start time.
In this case, the running check is done by getIpcContainer() when
we start container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 84aae5a22605f8849e7335157afeca471b563a29
Component: engine
It should not be hard limit, we should only check oom kill disable
when user using it.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: a2f39e7754c5ca1245cc268472ecb92147ba21fa
Component: engine
Add cgroup support for disable OOM killer.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: a4a924e1b6c50f0f02460489259d73468a6c282e
Component: engine
c79b9bab54167 (Remove engine.Status and replace it with standard go error)
cause a regression that create container won't get any warnings, we still
need this to send useful informations to user.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 40ef253ef516a82d4a3d1cf23f7d3bee2a08bc4f
Component: engine
$ docker run -ti --rm -m 300M --memory-swap=-1 ubuntu:14.04
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
root@813aafc019d5:/#
When we disable memoryswap, it should not warning swap limit not support.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 55cc166e53498a844cd5e96841a25ba1d19924ae
Component: engine
Cgroup resources are host dependent, they should be in hostConfig.
For backward compatibility, we just copy it to hostConfig, and leave it in
Config for now, so there is no regressions, but the right way to use this
throught json is to put it in HostConfig, like:
{
"Hostname": "",
...
"HostConfig": {
"CpuShares": 512,
"Memory": 314572800,
...
}
}
As we will add CpusetMems, CpusetCpus is definitely a better name, but some
users are already using Cpuset in their http APIs, we also make it compatible.
The main idea is keep using Cpuset in Config Struct, and make it has the same
value as CpusetCpus, but not always, some scenarios:
- Users use --cpuset in docker command, it can setup cpuset.cpus and can
get Cpuset field from docker inspect or other http API which will get
config info.
- Users use --cpuset-cpus in docker command, ditto.
- Users use Cpuset field in their http APIs, ditto.
- Users use CpusetCpus field in their http APIs, they won't get Cpuset field
in Config info, because by then, they should already know what happens
to Cpuset.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 837eec064d2d40a4d86acbc6f47fada8263e0d4c
Component: engine
Closes#9311 Handles container id/name collisions against daemon functionalities according to #8069
Upstream-commit: 34c804a139cc086e9fa6d3f99442f083b6d5e1e7
Component: engine
Currently docker build is not passing HostConfig to daemon.Create.
this patch creates the default HostConfig and passes it to daemon.Create.
This will cause the SELinux labeling to turn on for docker build. Basically
it causes a SecurtyOpt field to be created. In the future this might also
allow us to use seccomp and UserNamespace with docker build.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 8a8dcf1930cbd3354994938d5f8e420fb3e66d95
Component: engine
We want to be able to use container without the PID namespace. We basically
want containers that can manage the host os, which I call Super Privileged
Containers. We eventually would like to get to the point where the only
namespace we use is the MNT namespace to bring the Apps userspace with it.
By eliminating the PID namespace we can get better communication between the
host and the clients and potentially tools like strace and gdb become easier
to use. We also see tools like libvirtd running within a container telling
systemd to place a VM in a particular cgroup, we need to have communications of the PID.
I don't see us needing to share PID namespaces between containers, since this
is really what docker exec does.
So currently I see us just needing docker run --pid=host
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 23feaaa240853c0e7f9817f8c2d272dd1c93ac3f
Component: engine
This fixes a small typo in the errormessage for memory-swap.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5f699a465dd428d6285080ca07cb4a6634952744
Component: engine
There has been a lot of discussion (issues 4242 and 5262) about making
`FROM scratch` either a special case or making `FROM` optional, implying
starting from an empty file system.
This patch makes the build command `FROM scratch` special cased from now on
and if used does not pull/set the the initial layer of the build to the ancient
image ID (511136ea..) but instead marks the build as having no base image. The
next command in the dockerfile will create an image with a parent image ID of "".
This means every image ever can now use one fewer layer!
This also makes the image name `scratch` a reserved name by the TagStore. You
will not be able to tag an image with this name from now on. If any users
currently have an image tagged as `scratch`, they will still be able to use that
image, but will not be able to tag a new image with that name.
Goodbye '511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158',
it was nice knowing you.
Fixes#4242
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: 8936789919c5c8004f346f44a3452d1521818b60
Component: engine
