When using a volume via the `Binds` API, a shared selinux label is
automatically set.
The `Mounts` API is not setting this, which makes volumes specified via
the mounts API useless when selinux is enabled.
This fix adopts the same selinux label for volumes on the mounts API as on
binds.
Note in the case of both the `Binds` API and the `Mounts` API, the
selinux label is only applied when the volume driver is the `local`
driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 5bbf5cc671ec8007bf8e0416799fff01d6a79b7e
Component: engine
And fix remove calls to return a notFound error
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 81bb9978ab5ac99e84a5bf62d0d469f0aec1d506
Component: engine
Use strongly typed errors to set HTTP status codes.
Error interfaces are defined in the api/errors package and errors
returned from controllers are checked against these interfaces.
Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the
line of causes one of the interfaces is implemented. The special error
interfaces take precedence over Causer, meaning if both Causer and one
of the new error interfaces are implemented, the Causer is not
traversed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: ebcb7d6b406fe50ea9a237c73004d75884184c33
Component: engine
Do not set a default value for swappiness as the default value should be
`nil`
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 9d87e6e0fb799d6ef3bb9a97bc523f8d343b5fb3
Component: engine
This fixes an issue where if a stop signal is set, and a user sends
SIGKILL, `container.ExitOnNext()` is not set, thus causing the container
to restart.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 114652ab86609e5c0cbfad84f642942b466a0596
Component: engine
99.9% of use case for request call are using daemonHost. This makes it
default and adds a `request.DoOnHost` function to be able to specify
the host for specific, more complex use cases.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: b11ba1231ef0ac99279ed5dcd76d81413d7d63b5
Component: engine
When moving the clean function there, this check was not ported and
generated some errors on the CI. `deleteContainer` now fail if any
error but the clean function won't if "no such container" (because of
some races -_-).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 5dd89abdf1ec3e633ce01e74d1c47f8eb02fa31e
Component: engine
`request.SockRequestRaw` is deprecated, let's use appropriate methods
for those. This is a first pass, `SockRequest` still needs to be removed.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: f85ee17810ca55a3104f8a7d8945bd16ac526dd0
Component: engine
There is 5 calls left, that use StdinPipe that is not yet supported by
icmd.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ecbb0e62f66da7d698c4f4583f36b927d8cfa811
Component: engine
- Remove deprecated buildImage* functions
- Rename buildImageNew to buildImage
- Use *check.C in fakeContext* setup and in getIdByName
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c10f6ef43f884306eb3ef60b2d19fdc931cf34cc
Component: engine
- Join a few tests in one when it makes sense (reduce the number of
container run and thus the overall time of the suites)
- Remove some duplication on several tests
- Remove some unused methods
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 9af5d7c34039d5e9d8a7dca6ea148147dc482dee
Component: engine
The goal is to remove function from `docker_utils.go` and setup
simple, one-responsability package that can be well tested ; and to
ease writing request.
This moves all the calls to `sockRequest` (and similar methods) to
their counterpart in the `request` package.
This introduce `request.Do` to write easier request (with functional
argument to easily augment the request) with some pre-defined function
for the most used http method (i.e. `request.Get`, `request.Post` and
`request.Delete`).
Few of the `sockRequest` call have been moved to `request.Do` (and
`Get`, etc.) to showcase the usage of the package. There is still a
whole lot to do.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: d69d4799a312dfcae63442e290ae6667afd1a038
Component: engine
If the container is not found when removing, it means it's already not
there anymore, so it's safe to ignore. This should reduce a bit some
`TearDown` flakyness..
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 636d6ee57c85df086823e998077d83dc0bb94035
Component: engine
This will help when extracting suites in their own package.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 930a9869f6cb13bcdd44def2d445cb4505f2dd50
Component: engine
the restart policy validation was moved from
the client to the daemon in 94e95e4711643640701bd614902e75a2d01f12c5
As part of that change, retry-counts < 1
were marked as "invalid".
However, the default is 0 (unlimited), causing
docker run -d --restart=on-failure nginx
To fail.
This changes the validation to only invalidate
retry-counts < 0.
A test was added, and other tests renamed
to allow running just these tests :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9db5d649aea1c3d4728d0159bb5175a49f77748e
Component: engine
No substantial code change.
- Api --> API
- Cli --> CLI
- Http, Https --> HTTP, HTTPS
- Id --> ID
- Uid,Gid,Pid --> UID,PID,PID
- Ipam --> IPAM
- Tls --> TLS (TestDaemonNoTlsCliTlsVerifyWithEnv --> TestDaemonTLSVerifyIssue13964)
Didn't touch in this commit:
- Git: because it is officially "Git": https://git-scm.com/
- Tar: because it is officially "Tar": https://www.gnu.org/software/tar/
- Cpu, Nat, Mac, Ipc, Shm: for keeping a consistency with existing production code (not changable, for compatibility)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: 7fb7a477d79c67ab53c432977780662ccbfeec57
Component: engine
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).
The new API follows exactly the services mount API.
Example usage of `Mounts`:
```
$ curl -XPOST localhost:2375/containers/create -d '{
"Image": "alpine:latest",
"HostConfig": {
"Mounts": [{
"Type": "Volume",
"Target": "/foo"
},{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Target": "/var/run/docker.sock",
},{
"Type": "volume",
"Name": "important_data",
"Target": "/var/data",
"ReadOnly": true,
"VolumeOptions": {
"DriverConfig": {
Name: "awesomeStorage",
Options: {"size": "10m"},
Labels: {"some":"label"}
}
}]
}
}'
```
There are currently 2 types of mounts:
- **bind**: Paths on the host that get mounted into the
container. Paths must exist prior to creating the container.
- **volume**: Volumes that persist after the
container is removed.
Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: fc7b904dced4d18d49c8a6c47ae3f415d16d0c43
Component: engine
This moves the types for the `engine-api` repo to the existing types
package.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 91e197d614547f0202e6ae9b8a24d88ee131d950
Component: engine
This fix tries to address the issue in 25000 where `docker stats`
will not show network stats with `NetworkDisabled=true`.
The `NetworkDisabled=true` could be either invoked through
remote API, or through `docker daemon -b none`.
The issue was that when `NetworkDisabled=true` either by API or
by daemon config, there is no SandboxKey for container so an error
will be returned.
This fix fixes this issue by skipping obtaining SandboxKey if
`NetworkDisabled=true`.
Additional test has bee added to cover the changes.
This fix fixes 25000.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7bb9c5397e69866fcb1142cda430b842a710f751
Component: engine
