This fix migrates several resize tests from integration-cli to api tests.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 8f800c941570ffcd087c920c37d3a368a5a19e6d
Component: engine
This fix migrates TestAPIStatsContainerGetMemoryLimit from
integration-cli to api test.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: d5cbde514f4887f5655096bce05faa7b91068038
Component: engine
This fix migrates TestAPIUpdateContainer from integration-cli to api tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 490edd35829a7dd1144da50105fc377d41a52fc0
Component: engine
This fix migrate TestLinksEtcHostsContentMatch
to api test.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: e6bd20edcbf3b7a6f87a356ab0943714936c70e1
Component: engine
This fix migrate docker_cli_stop_test.go to api test
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4f378124ff649b844de88c93f6ca70e6b3f5d7d7
Component: engine
It's a common scenario for admins and/or monitoring applications to
mount in the daemon root dir into a container. When doing so all mounts
get coppied into the container, often with private references.
This can prevent removal of a container due to the various mounts that
must be configured before a container is started (for example, for
shared /dev/shm, or secrets) being leaked into another namespace,
usually with private references.
This is particularly problematic on older kernels (e.g. RHEL < 7.4)
where a mount may be active in another namespace and attempting to
remove a mountpoint which is active in another namespace fails.
This change moves all container resource mounts into a common directory
so that the directory can be made unbindable.
What this does is prevents sub-mounts of this new directory from leaking
into other namespaces when mounted with `rbind`... which is how all
binds are handled for containers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: eaa5192856c1ad09614318e88030554b96bb6e81
Component: engine
Fixes an issue where if cpu quota/period is sent via the update API, the
values are updated in the stored container data but not actually sent to
the running container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 86ba63db82e87c943c9dee52559118e46f23defc
Component: engine
Now we only adjust the timeout value for `arm` while not `arm64`,
actually the avarage duration for this test is about 25s to crate
multiple services on arm64, else the integration test will terminate
with below error:
> --- FAIL: TestCreateServiceMultipleTimes (24.11s)
> daemon.go:285: [ddc3c7c1476c2] waiting for daemon to start
> daemon.go:317: [ddc3c7c1476c2] daemon started
> poll.go:121: timeout hit after 10s: task count at 4 waiting for 0
> daemon.go:275: [ddc3c7c1476c2] exiting daemon
> clean.go:108: Removing image sha256:e6a8d12d58602a19277ee5632b7ff9fa56a4ea52ba00eedf1d3f6f5a495fe761
> clean.go:108: Removing image sha256:876244cc2ecb8fe1b0b2e817e3b78709a2a735edb093bc6849f99aa6c18f3a01
This PR adjusts the timeout value for both `arm64` and `arm` to mitigate
this issue on those 2 platforms.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Upstream-commit: 4542016cbe985d2af60c25f6a5b24df50bb50aba
Component: engine
Using parallel tests is nice, however it can cause an issue with
multiple daemons trying to make changes to iptables at the same time
which causes flakey tests.
This just disables iptables for the set of tests since it is not
required.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 9e3193810da91d81f6b2dba3171443557f756794
Component: engine
This fix adds an integration test for `before` and `since` filter for `docker ps`
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 52b44b98161872f704f7e3eea16e0f3177ca4e42
Component: engine
This fix adds a test case for 35333: Devicemapper: ignore Nodata errors when delete thin device
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7c6ef28042c20fdad23cd461ab49b9cfa0c757df
Component: engine
The building machinery was being handed an uninitialized container
Config. This changes it to use the target container's Config.
Resolves#30538
Signed-off-by: Anthony Sottile <asottile@umich.edu>
Upstream-commit: 0785836c4b440a8d4a5dfdb8df82e50f9f4d23a1
Component: engine
When the containerd 1.0 runtime changes were made, we inadvertantly
removed the functionality where any running containers are killed on
startup when not using live-restore.
This change restores that behavior.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: e69127bd5ba4dcf8ae1f248db93a95795eb75b93
Component: engine
The `docker info` command compares the installed version
of containerd using a Git-sha. We currently use a tag for
this, but that tag is not returned by the version-API of
containerd, resulting in the `docker info` output to show:
containerd version: 89623f28b87a6004d4b785663257362d1658a729 (expected: v1.0.0)
This patch changes the `v1.0.0` tag to the commit that
corresponds with the tag, so that the `docker info` output
does not show the `expected:` string.
This should be considered a temporary workaround; the check
for the exact version of containerd that's installed was needed
when we still used the 0.2.x branch, because it did not have
stable releases yet.
With containerd reaching 1.0, and using SemVer, we can likely
do a comparison for "Major" version, or make this a "packaging"
issue, and remove the check entirely (we can still _print_ the
version that's installed if we think it's usefule).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 2c8018f4bd7f48bf8f35770dea68f81b9591bb58
Component: engine
The commit '0a13f827a10d3bf61744d9b3f7165c5885a39c5d' introduces an
import test for CVE-2017-14992, it uses a 8GB image to make sure we
don't revert CVE-2017-14992, but unfortunately this test can't finish
in 5-min on AArch64, as a fact, in most cases we have to crate a very
big image to make the test effective on AArch64, but this will result
in a test panic, so now we skip it order to avoid termination of others
tests followed.
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
Upstream-commit: 6395b8b3dcc43be6750e0d90d9bab0a83e4eb20b
Component: engine
Adds a main_test for the image integration test, so we can download
frozen images, and clean up after the image test is ran
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: be83f42612e3be42fcd60726d48d7346befc9449
Component: engine
To ensure that we don't revert CVE-2017-14992, add a test that is quite
similar to that upstream tar-split test (create an empty archive with
lots of junk and make sure the daemon doesn't crash).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 0a13f827a10d3bf61744d9b3f7165c5885a39c5d
Component: engine
In some circumstances we were not properly releasing plugin references,
leading to failures in removing a plugin with no way to recover other
than restarting the daemon.
1. If volume create fails (in the driver)
2. If a driver validation fails (should be rare)
3. If trying to get a plugin that does not match the passed in capability
Ideally the test for 1 and 2 would just be a unit test, however the
plugin interfaces are too complicated as `plugingetter` relies on
github.com/pkg/plugin/Client (a concrete type), which will require
spinning up services from within the unit test... it just wouldn't be a
unit test at this point.
I attempted to refactor this a bit, but since both libnetwork and
swarmkit are reliant on `plugingetter` as well, this would not work.
This really requires a re-write of the lower-level plugin management to
decouple these pieces.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 3816b514387efd24394f0b8e61d55502aa6ac9ac
Component: engine
Ensures that the frozen test images are loaded in the daemon
before any tests are run.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 58151358c0c296c2cf601aea528d5e8a11a20d12
Component: engine
