Wraps the engine itself with an AppArmor policy.
This restricts what may be done by applications
we call out to, such as 'xz'.
Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.
Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 39dae54a3f40035b1b7e5ca86c53d05dec832ed2
Component: engine
Re-add the docs from @calavera's PR to the moved cli cmd reference docs.
Fix gofmt and vet issues from carried commits
Add integration test for using format with --no-trunc and multi-names
Fix custom_test map order dependency on expected value check
Add docs to reference/commandline/ps.md
Remove "-F" flag option from original carried PR content
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 542b58d8f7a2ff3b78a71b7d2c3145dd79f1fa97
Component: engine
/images/search was replying with Content-Type text/plain instead
of application/json.
Fix#14846
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Upstream-commit: 1a5d6a94c9e4c099354d9125ea857f6277eca0b7
Component: engine
Fix the following warnings:
pkg/mount/mountinfo.go:5:6: type name will be used as mount.MountInfo by other packages, and that stutters; consider calling this Info
pkg/mount/mountinfo.go:7:2: struct field Id should be ID
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Upstream-commit: 0f5c9d301b9b1cca66b3ea0f9dec3b5317d3686d
Component: engine
Allow starting a container with an existing hostConfig which contains links
Upstream-commit: 06162fed8b12d4f43ca3d03d6956996b6c73015d
Component: engine
It's introduced in
68ba5f0b69c9f38 (Execdriver implementation on new libcontainer API)
But I don't see reson why we need it.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: af3059855c0b59c08b115a70d3f61b0fab3270de
Component: engine
Keep old hashes around for old api version calls.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 1c3cb2d31ea722e2c174bf78eda62fec6949fb8b
Component: engine
Documented changes to API to enable new `docker cp` behavior.
Added documentation on `docker cp` usage and behavior.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: e54b1e081ae15a71e758f7d2691dc2bff3f66e02
Component: engine
V1 mirrors do not mirror the index and those endpoints should
only be indexes.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: 6b36a488e77c9d91c8eacb07053bff263bda04f3
Component: engine
If a registry mirror is using TLS, ensure that certs for it
are picked up from /etc/docker/certs.d
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: cb57b256892b7d6c046cf28e45b9114f28f07aa3
Component: engine
Adds several integration tests for `docker cp` behavior with over a dozen
tests for each of:
container -> local
local -> container
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: 418135e7eac6e664834b8a9d09d8051ec296a48f
Component: engine
Supports copying things INTO a container from a local file or from a tar
archive read from stdin.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: 93c3e6c91ec5eb4202b86b44b011d06f5e048dab
Component: engine
Adds http handlers for new API endpoints:
GET ContainersArchivePath
Return a Tar Archive of the contents at the specified location in a
container. Deprecates POST ContainersCopy. Use a HEAD request to stat
the resource.
PUT ContainersExtractToDir
Extract the Tar Archive from the request body to the directory at the
specified location inside a container.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: db9cc91a9ef7dea4c8d85f64578889cec3dd99b2
Component: engine
Add a set of newly linted packages, and fix the script.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 7f02cc420ab068f129ec24f3c7514a838bddb1ce
Component: engine
The only uses of RequestAuthorization and its associated functions were
removed in 19515a7ad859b28c474d81e756ac245afcd968e3 ("Update graph to
use vendored distribution client for the v2 codepath")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 962dc622d94a17a30a5926e8155da87a7e39e933
Component: engine
