GetTasks can call GetService and GetNode with the read lock held. These
methods try to acquire the read side of the same lock. According to the
sync package documentation, this is not safe:
> If a goroutine holds a RWMutex for reading, it must not expect this or
> any other goroutine to be able to also take the read lock until the
> first read lock is released. In particular, this prohibits recursive
> read locking. This is to ensure that the lock eventually becomes
> available; a blocked Lock call excludes new readers from acquiring the
> lock.
Fix GetTasks to use the lower-level getService and getNode methods
instead. Also, use lockedManagerAction to simplify GetTasks.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: bd4f66c8f1f6ad4a2f228a957f293bc157e13d9c
Component: engine
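The locking hazard this commit message describes, as an added Go example (not code from the commit or from the Docker code base). The `store` type, its `GetNode`/`getNode` pair and `nestedReadBlocked` are hypothetical stand-ins; the example shows that once a writer is queued, a second read lock is refused to the goroutine that already holds one, and that the lock-free lower-level accessor avoids the problem.

```go
package main

import (
	"fmt"
	"runtime"
	"sync"
)

// store is a hypothetical component guarded by a single RWMutex.
type store struct {
	mu    sync.RWMutex
	nodes map[string]string
}

// getNode is the lower-level accessor; the caller must hold mu.
func (s *store) getNode(id string) string { return s.nodes[id] }

// GetNode is the exported accessor; it takes the read lock itself.
func (s *store) GetNode(id string) string {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.getNode(id)
}

// nestedReadBlocked reports whether a second read lock is refused while one is held.
func nestedReadBlocked(s *store) (blocked bool, node string) {
	s.mu.RLock()
	done := make(chan struct{})
	go func() { // writer: parks in Lock until the reader releases
		s.mu.Lock()
		s.nodes["n1"] = "updated"
		s.mu.Unlock()
		close(done)
	}()
	for s.mu.TryRLock() { // keeps succeeding until the writer is pending
		s.mu.RUnlock()
		runtime.Gosched()
	}
	blocked = !s.mu.TryRLock() // s.GetNode("n1") here would block forever
	node = s.getNode("n1")     // safe: no locking, runs under our read lock
	s.mu.RUnlock()
	<-done // the writer proceeds only after the reader lets go
	return blocked, node
}

func main() {
	s := &store{nodes: map[string]string{"n1": "ready"}}
	fmt.Println(nestedReadBlocked(s))
}
```

`TryRLock` requires Go 1.18 or later; it is used here only to observe the blocked state without actually hanging the program.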
When using an https proxy, an extra HTTP 200 header will be generated.
So we can't rely on detecting the first http header.
$curlHeaders with https proxy:
"HTTP/1.0 200 Connection established <-- the https proxy's response
HTTP/1.1 307 Temporary Redirect
...
"
See https://stackoverflow.com/a/34537988/889429
Fixes #34131
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Upstream-commit: 238d17c456c3ff0b8937b33538f6a4b36f829410
Component: engine
Integration tests were failing in trial runs for docker-ce 17.07 due to
the lack of go-autogen being sourced in `hack/make.sh`. This re-adds
go-autogen to be sourced for test-integration-cli so that we can
actually run tests without the error found in:
https://github.com/moby/moby/pull/33857
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 3cdd471cac8193c34d8483255065c6c28a7b1645
Component: engine
Specifically, none of the graphdrivers are supposed to return a
not-exist type of error on remove (or at least that's how they are
currently handled).
Found that AUFS still had one case where a not-exist error could escape,
when checking if the directory is mounted we call a `Statfs` on the
path.
This fixes AUFS to not return an error in this case, but also
double-checks at the daemon level on layer remove that the error is not
a `not-exist` type of error.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: d42dbdd3d48d0134f8bba7ead92a7067791dffab
Component: engine
Also fix bad reference to ServiceSpec.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: ea1d14a189d62df34427b037a6d043ae3028760b
Component: engine
The docs did not mention when this information
was set, and what the `-1` value indicated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 194f635ce7d097f550986bc3169ab59158f5aa68
Component: engine
This adds the new `CreatedAt` field to the API version history
and updates some examples to show this information.
The `CreatedAt` field was implemented in a46f757c4043031379362c5d6b3bad7562ab9fed
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 48a83a3a18185e0ad48737d448524670f8fac4bf
Component: engine
Having a map per log entry seemed heavier than necessary. These
attributes end up being sorted and serialized, so storing them in a map
doesn't add anything (there's no random access element). In SwarmKit,
they originate as a slice, so there's an unnecessary conversion to a map
and back.
This also fixes the sort comparator, which used to inefficiently split
the string on each comparison.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: b642b3f21f17cf50c79e464d3aedc93b2dbf0fb0
Component: engine
The swagger.yml defined these endpoints to return
a "ServiceSpec" instead of a "SecretSpec".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: f6954bea9f28c62c50b88c895968045cf801aa81
Component: engine
I am getting the following warning from gcc when compiling the daemon:
> # github.com/docker/docker/pkg/devicemapper
> pkg/devicemapper/devmapper_wrapper.go: In function ‘log_cb’:
> pkg/devicemapper/devmapper_wrapper.go:20:2: warning: ignoring return
> value of ‘vasprintf’, declared with attribute warn_unused_result
> [-Wunused-result]
> vasprintf(&buffer, f, ap);
> ^
vasprintf(3) man page says if the function returns -1, the buffer is
undefined, so we should not use it. In practice, I assume, this never
happens so we just return.
Introduced by https://github.com/moby/moby/pull/33845 that resulted in
commit 63328c6 ("devicemapper: remove 256 character limit of libdm logs")
Cc: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 7da12bcfa9db4d84b2c547bee93dafeaead15b16
Component: engine
Makes sure that debug endpoints are always available, which will aid in
debugging daemon issues.
Wraps debug endpoints in the middleware chain so they can be blocked by
authz.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 408c7ade7008ca9b2181e12e51a01250a7a94413
Component: engine
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Upstream-commit: 6c9d715a8c64a7c782b8c7b57925e1dc19b29517
Component: engine
This documents the Service privileges
API changes, that were added in:
091b5e68ea735bf4e8ece708bbc8c413a32eab73
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d0a8e73e7b60f61db0c3799643aaccbbf33f3601
Component: engine
Use the (new) plugin fixtures for plugin tests rather than pulling
plugins from hub.
This removes the restriction for platforms/archs since plugin binaries
get built in the test environment.
Future work would be to add test plugins for the various subsystems so
tests that are actually using plugins (e.g. volumes, networks) can be
ported to use the fixtures as well.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 15a538a627e1d0898862c9e6ca7472cd7fb517ce
Component: engine
With docker-17.06.0 some images pulled do not extract properly. Some files don't appear in correct directories. This may or may not cause the pull to fail. These images can't be pushed or saved. 17.06 is the first version of Docker built with go1.8.
Cause
There are multiple updates to the tar package in go1.8.
https://go-review.googlesource.com/c/32234/ disables using "prefix" field when new tar archives are being written. Prefix field was previously set when a record in the archive used a path longer than 100 bytes.
Another change https://go-review.googlesource.com/c/31444/ makes the reader ignore the "prefix" field value if the record is in GNU format. GNU format defines that same area should be used for access and modified times. If the "prefix" field is not read, a file will only be extracted by the basename.
The problem is that with a previous version of the golang archive package headers could be written, that use the prefix field while at the same time setting the header format to GNU. This happens when numeric fields are big enough that they can not be written as octal strings and need to be written in binary. Usually, this shouldn't happen: uid, gid, devmajor, devminor can use up to 7 bytes, size and timestamp can use 11. If one of the records does overflow it switches the whole writer to GNU mode and all next files will be saved in GNU format.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4a3cfda45e37b81211fbfbf0c45dbe64860a3ad0
Component: engine
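A check for the header shape this commit message describes, as an added Go example (not code from the commit or from the Go tar package): it inspects a raw 512-byte header block and reports a path stored in the prefix area when the block is marked as GNU format. The function names and the sample header are constructed for illustration; the offsets are the standard tar header layout.

```go
package main

import (
	"bytes"
	"fmt"
)

// Offsets of the magic+version bytes and of the USTAR prefix area.
const magicOff, prefixOff = 257, 345

// isNumeric reports whether b looks like a tar numeric field: empty,
// space/NUL-padded octal digits, or base-256 binary (high bit set).
func isNumeric(b []byte) bool {
	if b[0]&0x80 != 0 {
		return true
	}
	for _, c := range bytes.Trim(b, " \x00") {
		if c < '0' || c > '7' {
			return false
		}
	}
	return true
}

// suspectPrefix returns the path found in the prefix area of a GNU-marked
// header, or "". An all-octal-digit prefix is ambiguous and not reported.
func suspectPrefix(hdr []byte) string {
	if len(hdr) < 512 || string(hdr[magicOff:magicOff+8]) != "ustar  \x00" {
		return ""
	}
	area := hdr[prefixOff:500]
	if isNumeric(area[:12]) && isNumeric(area[12:24]) {
		return "" // plausible timestamps: a well-formed GNU header
	}
	return string(bytes.TrimRight(area, "\x00"))
}

// sampleHeader builds a constructed 512-byte header (checksum left unset).
func sampleHeader(magic, name, prefixArea string) []byte {
	h := make([]byte, 512)
	copy(h, name)
	copy(h[magicOff:], magic)
	copy(h[prefixOff:], prefixArea)
	return h
}

func main() {
	h := sampleHeader("ustar  \x00", "README.md", "usr/share/doc/pkg")
	fmt.Printf("prefix in GNU header: %q\n", suspectPrefix(h))
}
```

A non-empty result means a reader that ignores the prefix for GNU records would extract the entry under its basename only, which is the misplacement the message reports.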