Btrfs graph driver is not experimental now according to #4838 and CHANGELOG.md is saying "btrfs is no longer considered experimental.".
Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
Upstream-commit: 58588009c00d1c7dd279b95d33759f61499c2848
Component: engine
docker will run the process(es) within the container with an SELinux label and will label
all of the content within the container with mount label. Any temporary file systems
created within the container need to be mounted with the same mount label.
The user can override the process label by specifying
-Z With a string of space separated options.
-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"
Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"
By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.
The process mcs level is based of the PID of the docker process that is creating the container.
If you run the container in --priv mode, the labeling will be disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 4c4356692580afb3971094e322aea64abe0e2500
Component: engine
Enable build tags for all the graphdrivers to be excludable.
As an example:
```
$ go build
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 18400158 Mar 14 14:22 docker*
$ go build -tags "exclude_graphdriver_aufs exclude_graphdriver_vfs exclude_graphdriver_devicemapper"
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 17467068 Mar 14 14:22 docker*
```
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 670ce98c60dbac1d46a59bd69bd20b569f4794f1
Component: engine
Remove reference to <linux/btrfs.h>, and instead use <btrfs/ioctl.h> like we're supposed to (from btrfs-progs)
Upstream-commit: fb796900fbcd11ae63e918f91b226463619bb152
Component: engine
While there, remove the now-outdated section about `CGO_ENABLED=0`
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 7ffd2b0785529b0b71bec90c8468dc3cb4b37525
Component: engine
This fixes compilation issues when btrfs.h isn't available (because we just need the relevant structs, which for userspace programs are supposed to come from btrfs-progs instead of the kernel headers).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 6922f1be08111d889b0585b763b08f92d7a55e05
Component: engine
We no longer call out to tar, so this is not needed.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 8a4824d1ad2fafd158fbaad52a658c5fd3f7de30
Component: engine
I personally tested this using our container, and this was the lowest version that compiles and runs properly.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Upstream-commit: 7626e9fd6448cbaa92632f2ce9cab70e9e142d8a
Component: engine
After a nice long brainstorming session with @shykes on IRC, we decided on using a SHA1 hash of dockerinit compiled into the dynamic docker binary to ensure that we always use the two in a perfect pair, and never mix and match.
Upstream-commit: 21161dbd515fb97cf9052a5980de6fc6180a89dc
Component: engine
