All underlay dirs need proper remapped ownership. This bug was masked by the
fact that the setupInitLayer code was chown'ing the dirs at startup
time. Since that bug is now fixed, it revealed this permissions issue.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 191cefbaca45ba86341379d09d2f75d5fc1868fb
Component: engine
- Moved the following config structs to api/types
- ContainerRmConfig
- ContainerCommitConfig
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: 63fb931a0b7298c6281898bcc5f53ab0655ad1a6
Component: engine
Use better error message when user want to connect container with same
name to one network, this can help avoid confusion.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 8edb941b796cbdd2c9f3809a3290fcd4d8ae76ea
Component: engine
This solves a bug where /etc may have pre-existing permissions from
build time, but init layer setup (reworked for user namespaces) was
assuming root ownership. Adds a test as well to catch this situation in
the future.
Minor fix to wrong ordering of chown/close on files created during the
same initlayer setup.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 23b771782ab7236ce5024ac5773a6ded9a2af753
Component: engine
Because I like the name `system` better than `local` :)
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 867f432985d6b4a46c2f66225d70a4ffdb28d8a3
Component: engine
So other packages don't need to import the daemon package when they
want to use this struct.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 6bb0d1816acd8d4f7a542a6aac047da2b874f476
Component: engine
this Patch is ported from 3916561619d45a3d8ca17dfa467149824111023a
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Upstream-commit: 451f7517733087a8629fe20894b6c10a63bb155e
Component: engine
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.
Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.
Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.
Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 434d2e8745696255a204d9eefc6a2854ff74e5c2
Component: engine
Improves the current filtering implementation complixity.
Currently, the best case is O(N) and worst case O(N^2) for key-value filtering.
In the new implementation, the best case is O(1) and worst case O(N), again for key-value filtering.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 93d1dd8036d57f5cf1e5cbbbad875ae9a6fa6180
Component: engine
It will Tar up contents of child directory onto tmpfs if mounted over
This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: b3e527dfd242ad30c0297c8b257862116cf2c50e
Component: engine
Closes#9798
@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8d4fe141c4c3f456df9c2be75ffe5071d1665717
Component: engine
It makes the inspect result consistent between cli and REST api
when MemorySwappiness is not set.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 4089b4e4400d44f7c0a5b15065c70228f10ebf0c
Component: engine
- avoid empty Names in container list API when fails to remove
a container
- avoid dead containers when fails to create a container
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
Upstream-commit: 4953ea1eae211366c7214bfd2381a4a189d5466a
Component: engine
ext4 filesystem creation can take a long time on 100G thin device and
systemd might time out and kill docker service. Often user is left thinking
why docker is taking so long and logs don't give any hint. Log an info
message in journal for start and end of filesystem creation. That way
a user can look at logs and figure out that filesystem creation is
taking long time.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: a489e685c0d17455463945316cfe366e4e65dca6
Component: engine
