Without this fix, `docker -l info ` would not complete the commands.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: aab82c5c2230fa328bfac3c156b482634a42b73c
Component: engine
It's a bit confusing: the "global options" are valid as "global options"
for all client commands (i.e. all but daemon).
Example: `docker --log-level info run`
For `docker daemon`, these "global options" are only valid as "command
options".
Example: `docker daemon --log-level info`
As command completion cannot tell which command the user is going to
type next, completion for the daemon command has to allow illegal
syntaxes like
`docker --log-level info daemon --log-level info`
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: e0dad9a153fb8aad44cc36aa4bd14e297b5f120c
Component: engine
Add tools to the apparmor profile that are needed when -s devicemapper is
in the docker daemon's command line.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Upstream-commit: 9dbc36b44146c82804206c1240b94216b69c740e
Component: engine
The engine policy will now only complain
as a temporary measure to ensure we do not
cause breakages while users exercise this
policy.
This is NOT the policy for containers, but
for the newly-introduced policy for the
daemon itself.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 6c887be76951e802900a07e16aeaf0a079ac4534
Component: engine
Implements the policies for the remaining binaries
called by the Docker engine and eliminates the
giant whitelisted 'all files' permission in favor
of granular whitelisting and child-specific policies.
It should be possible now to remove the 'file' permission,
but for the sake of keeping Docker unbroken, we'll try
to gradually tighten the policy.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 8b2fcddcd251e58473abf6c4949573e03f44bb96
Component: engine
Will attempt to load profiles automatically. If loading fails
but the profiles are already loaded, execution will continue.
A hard failure will only occur if Docker cannot load
the profiles *and* they have not already been loaded via
some other means.
Also introduces documentation for AppArmor.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 3edc88f76df6a3bc9d887de8157ec71730c9057a
Component: engine
A bash completion file shouldn't have a executable bit set.
Just change file mode to 644 (instead of 755).
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
Upstream-commit: 37169daddabe19754659d8e28aaa1bf4f31c6124
Component: engine
Without this fix, `docker --log-opt ` would not complete anything
because the completions were driver specific.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: de40f3997a7aae94e925d8f694e2161b1b1b92bb
Component: engine
Without this fix, `docker --log-driver fluentd --log-opt fluentd-tag=b`
would complete `b` to `build`.
Completion of the commands has to be nailed to __docker_pos_first_nonflag
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: 6de8dd1a6e37ea6ef04d779c6348452c1a3c2370
Component: engine
Wraps the engine itself with an AppArmor policy.
This restricts what may be done by applications
we call out to, such as 'xz'.
Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.
Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 39dae54a3f40035b1b7e5ca86c53d05dec832ed2
Component: engine
By using the 'unconfined' policy for privileged
containers, we have inherited the host's apparmor
policies, which really make no sense in the
context of the container's filesystem.
For instance, policies written against
the paths of binaries such as '/usr/sbin/tcpdump'
can be easily circumvented by moving the binary
within the container filesystem.
Fixes GH#5490
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 87376c3add7dcd48830060652554e7ae43d11881
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
This solves several problems that arise from the special treatment of
"=" in Bash.
The fix was required as some log drivers have options in a key=value
form. It also addresses the --option=value and the negated boolean syntax
(--boolean=false).
Note that this is not a general fix for these problems, it is limited to
the __docker_pos_first_nonflag function.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: 38acec94c49e6730ae6bdef86b85f529c1dddda6
Component: engine
- Add fluentd logging driver to zsh completion #12876
- Add inspect --type flag to zsh completion #13187
- Respect -H option in zsh completion #13195
- Fix number of argument limit for pause and unpause in zsh completion
Signed-off-by: Steve Durrheimer <s.durrheimer@gmail.com>
Upstream-commit: 12f67141f932db15fa9178b3304c7efbd485fd69
Component: engine
