When a container is paused, signals are sent once the container has been
unpaused.
Instead of forcing the user to unpause a container before they can ever
send a signal, allow the user to send the signals, and in the case of a
stop signal, automatically unpause the container afterwards.
This is much safer than unpausing the container first then sending a
signal (what a user is currently forced to do), as the container may be
paused for very good reasons and should not be unpaused except for
stopping.
Note that not even SIGKILL is possible while a process is paused,
but it is killed the instant it is unpaused.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: c3feb046b9b1eb606cc7e853d020799eb3800e0e
Component: engine
Fix run `docker rename <container-id> new_name` concurrently, the container will have multi names
Upstream-commit: 8e3555f8539d91f530f895e19a51db14f1ca93fb
Component: engine
Do not allow sharing of container network with hyperv containers
Signed-off-by: Madhan Raj Mookkandy <madhanm@microsoft.com>
Upstream-commit: 349913ce9fde34d8acd08fad5ce866401f4d135e
Component: engine
Enables other subsystems to watch actions for a plugin(s).
This will be used specifically for implementing plugins on swarm where a
swarm controller needs to watch the state of a plugin.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 72c3bcf2a533a827402945e3a55872e2db4fb024
Component: engine
Before this patch, a log reader is able to block all log writes
indefinitely (and other operations) by simply opening the log stream and
not consuming all the messages.
The reason for this is we protect the read stream from corruption by
ensuring there are no new writes while the log stream is consumed (and
caught up with the live entries).
We can get around this issue because log files are append only, so we
can limit reads to only the section of the file that was written to when
the log stream was first requested.
Now logs are only blocked until all files are opened, rather than
streamed to the client.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: e2209185ed1c959131d4068ec7fc93e194dc0802
Component: engine
When run `docker rename <container-id> new_name` concurrently, every operation will release
container's old name. So container will have multi new names reserve in nameIndex.
Signed-off-by: Yang Pengfei <yangpengfei4@huawei.com>
Upstream-commit: cc2340689c431504689d01c9516b3a340b2e8dbc
Component: engine
Go 1.9 (golang/go@66b5a2f) removed file type bits from
archive/tar.FileInfoHeader().
This commit ensures file type bits are filled even on Go 1.9 for
compatibility.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: 1a451d9a7bb9cd7d437b42d4e73b0560fbf84348
Component: engine
COmmit 0307fe1a0bcdc02583a24add41eb783c117bad8c added
a new `DataPathAddr` property to the swarm/init and swarm/join
endpoints. This property was not yet added to the
documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: c79c16910c0f3d6e88f2dc6ef609ecc3b02ccef9
Component: engine
Do not set a default value for swappiness as the default value should be
`nil`
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 9d87e6e0fb799d6ef3bb9a97bc523f8d343b5fb3
Component: engine
Description:
1. start a container with restart=always.
`docker run -d --restart=always ubuntu sleep 3`
2. container init process exits.
3. use `docker pause <id>` to pause this container.
if the pause action is before cgroup data is removed and after the init process died.
`Pause` operation will success to write cgroup data, but actually do not freeze any process.
And then docker received pause event and stateExit event from
containerd, the docker state will be Running(paused), but the container
is free running.
Then we can not remove it, stop it , pause it and unpause it.
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
Upstream-commit: fe1b4cfba6320793373c5397641d743d9fe94cf8
Component: engine
the filemode should be 0640 but not 06400
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 96ea8eaa1592856e0829c3465e64f93911d3e389
Component: engine
This dependency was temporarily forked, but
the fork was removed in db37a86d37431a1d82505cf6adc91a5d91dad146.
This patch removes the comment
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: fe877c2b959b60d953ad4b2d3eeda377add575a5
Component: engine
The name/ID relationships are maintained separately from the memdb and
can be out of sync from any particular memdb snapshot. If a container
does not exist in the memdb, we must accept this as normal and not fail
the listing. This is consistent with what the code used to do before
memdb was introduced.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d257a63fb6a2ad0c2369981914544add389917bf
Component: engine
Recently, it's become necessary to build dynbinaries on certain
distributions, so make it easier for users to build dynbinaries. It
looks like this was just an oversight when we added dynbinary builds.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: c81255c9c0314b81ab27f6afd7646cdd259e6495
Component: engine
Before this patch, if the plugin's `config.json` is successfully removed
but the main plugin state dir could not be removed for some reason (e.g.
leaked mount), it will prevent the daemon from being able to be
restarted.
This patches changes this to atomically remove the plugin such that on
daemon restart we can detect that there was an error and re-try. It also
changes the logic so that it only logs errors on restore rather than
erroring out the daemon.
This also removes some code which is now duplicated elsewhere.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 11cf394e5ea964636294a219872b188fe5bdf4dd
Component: engine
If a client is initialized without a specific
version set, version negotiation would not be
functional.
This patch changes the behavior to always
perform version negotation (if called), in
which case the "current" (maximum supported
API version) is used as a default.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5975dc4b4b8a6fa2e0edd1f1b113e7f66dad732b
Component: engine
If a container doesn't exist in the memdb, First will return nil, not an
error. This should be checked for before using the result.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: c26b0cdfd1a026af88fcfbed9d3c3acdd6d171a0
Component: engine
With debug logging turned on, we currently log the base64-encoded secret
payload.
Change the middleware code to redact this. Since the field is called
"Data", it requires some context-sensitivity. The URI path is examined
to see which route is being invoked.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 3fbc352cbbce06cd3001d6b14b2b1ebcb4d42cd5
Component: engine
