The error message;
unable to delete .... (must be forced) - image is referenced in one or more repositories
Looks to be incorrect
Given the following images:
docker images | grep 2d36b1c0ea40
registry 2 2d36b1c0ea40 7 weeks ago 171.2 MB
registry 2.4.1 2d36b1c0ea40 7 weeks ago 171.2 MB
Removing the image by *id* fails:
docker rmi 2d36b1c0ea40
Error response from daemon: conflict: unable to delete 2d36b1c0ea40 (must be forced) - image is referenced in one or more repositories
However, after untagging one image:
docker rmi registry:2
Untagged: registry:2
Removing the image works:
docker rmi 2d36b1c0ea40
Untagged: registry:2.4.1
Deleted: sha256:2d36b1c0ea40159adc8b36f7563f1d7a6d443384fe2611e8b393c1cb3ae2e6ad
Deleted: sha256:7abfddbf4e61927307b6646010845eeb7513ecc6541f33ea6103b2493e36aa4e
Deleted: sha256:f512d7699dbb2994fe15d30ee1d404e57b58c3c310617b4471db649680b4cfa0
Deleted: sha256:7291e34714908270aeda93f1dc681485f9734d41314e2fdc6c11f32ffa782a21
Deleted: sha256:548f6562929484f3d78267e4b1e31dcfeb9f303059668888b4423ce5501c7fbc
Deleted: sha256:afe56b46629e6d8e0bfc36fed13395a7cfa2bd83b58bb489976ef13553eff20b
Deleted: sha256:cf0c3bd5d6a0a14ebf96cc7d3df79a37774a70f3086273e09da71a86fe74fec2
Deleted: sha256:c5fdaf8b055f544d0211043e687905315c3a0b71c1c08df07e473dd0a30e43c8
docker images | grep 2d36b1c0ea40
<empty>
This changes the error message to reflect that behavior
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: f0988dd39598a46d911abc54c19fc3377698d630
Component: engine
Unix sockets are limited to 108 bytes. As a result, we need to be
careful in not using exec-root as the parent directory for pluginID
(which is already 64 bytes), since it can result in socket path names
longer than 108 bytes. Use /tmp instead. Before this change, setting:
- dockerd --exec-root=/go/src/github.com/do passes
- dockerd --exec-root=/go/src/github.com/doc fails
After this change, there's no failure.
Also, write a volume plugins test to verify that the plugins socket
responds.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 21ecd5a93db34288c0c579d5738030716d7bef2d
Component: engine
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Upstream-commit: c0c7d5e71586ec8e4d54aef9e061f061e9223cc4
Component: engine
Kernel memory is not allowed to be updated if container is
running, it's not actually a precise kernel limitation.
Before kernel version 4.6, kernel memory will not be accounted
until kernel memory limit is set, if a container created with
kernel memory initialized, kernel memory is accounted as soon
as process created in container, so kernel memory limit update
is allowed afterward. If kernel memory is not initialized,
kernel memory consumed by processes in container will not be
accounted, so we can't update the limit because the account
will be wrong.
So update kernel memory of a running container with kernel memory
initialized is allowed, we should soften the limitation by docker.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 08c7075c403b86111b2c393b49075a81a1d2263f
Component: engine
In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 56f3422468a0b43da7bae7a01762ce4f0a92d9ff
Component: engine
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 7342e42fcecbc243bcb8723b8422879662452017
Component: engine
This is done in a hacky way as currently there is no better way.
Uses known implementation details about how tasks are scheduled to be
able to operate on the underlying container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: e5ec575b32d6979914dce576f1b8bb71f3057cea
Component: engine
[carry 23503] Always store the image digest when pulling and pushing an image.
Upstream-commit: ee0283c97a44fd8e67f2df81d076eb4b1858b3d2
Component: engine
schema1 manifests is not working on ARM64, we should skip integration-cli
tests for schema1 manifests on ARM64.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 9c1566a1dfa3eccd12e09a3e2cbda60503600d44
Component: engine
