This leaks information about keyrings on the host. Keyrings are
not namespaced.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: de23cb939858a66829d5b75057c7ac664c5acda5
Component: engine
Use the default version because it is used by the client package
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: e73d742cd7deee396eac3c97664b40264ee358cb
Component: engine
Test made some bad assumptions about on-disk state of volume data.
This updates the test to only test based on what the volume API is
designed to provide.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 0df654f3d61d8691ee113a8429bcc8ef65786bc7
Component: engine
The function name should be TestUpdateCPUQuota and not TestUpdateCPUQUota.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 31825081d4c5e643a150b515547cb2a2ea223de4
Component: engine
Use client instead of helpers for TLS in integration test
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: a68ae4a2d95b1ff143025a435195af0f1ab30ace
Component: engine
1. Use integration/internal/exec, removing the getContainerSysFSValue().
2. Avoid repeating magic numbers, use a variable for those.
3. Fix order of arguments to assert.Equal (first "expected", then "actual").
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 0f9da07b569f0d9cbe574db3af3951b4d5c968c0
Component: engine
An implementation of exec in TestUpdateCPUQUota had a few issues,
including resource leaking and calling both ContainerExecAttach and
ContainerExecRun. The last one makes the test flaky:
update_linux_test.go:136: expected cgroup value 20000, got: Error: Exec
command f923baf709525f6b38f6511126addc5d9bb88fb477eeca1c22440551090fa2bb
is already running
Fix by using the integration/internal/exec package.
While at it, use require/assert to further improve code readability.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 8a7d6143fca69623e2f5d409328c97603843ccb6
Component: engine
Some test cases might need an ability to execute a command inside a
container (in order to analyse its output and/or exit code). It is a bit
complicated operation to do so using engine API. The function provided
aims to hide this complexity, making exec almost as simple as 'docker
exec'.
NOTE that the exec is synchronous, and command's stdin is closed.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 01143afe54f1be7308c5663a0cc110740626c62b
Component: engine
When a container is created if "--network" is set to "host" all the
ports in the container are bound to the host.
Thus, adding "-p" or "--publish" to the command-line is meaningless.
Unlike "docker run" and "docker create", "docker service create" sends
an error message when network mode is host and port bindings are given
This patch however suggests to send a warning message to the client when
such a case occurs.
The warning message is added to "warnings" which are returned from
"verifyPlatformContainerSettings".
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Upstream-commit: 6e78fdb790d2e1dbf95a1733cab9395b1b936622
Component: engine
This updates the containerd/continuity package to d8fb8589b0e8e85b8c8bbaa8840226d0dfeb7371
which fixes builds failing on ARM 32-bit, after this dependency was added in
b3aab5e31faf04d8a29f17be55562e4d0c0cb364
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: f0947a541866ca05b030afe07dd659887a655e3e
Component: engine
Makes sure if the user specifies an older API version that we don't pass
through templating options for versions that templating was not
supported.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: a407761e483d9c5ea425a6fd5e55fec03a90485c
Component: engine
On unix, merge secrets/configs handling. This is important because
configs can contain secrets (via templating) and potentially a config
could just simply have secret information "by accident" from the user.
This just make sure that configs are as secure as secrets and de-dups a
lot of code.
Generally this makes everything simpler and configs more secure.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: c02171802b788fb2d4d48bebcee2a57c8eabeeaa
Component: engine
This makes configs and secrets behavior identical.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 8e8f5f4457d8e1b02031576dbc18c903be4bcfb6
Component: engine
The BurntSushi/toml code is now re-licensed as MIT. While
the vendored package was already updated, the tomlv binary
used was still using the old license type.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 508d5a0bc00400fb41395223cb4c8be3d9b74ade
Component: engine
This is only for the case when dockerd has had to re-mount the daemon
root as shared.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 487c6c7e73dbb7871e80d75f176dd2a3539a2947
Component: engine
