This drops support for migrations from pre-1.10 Docker versions, which
should be done via an external tool or an intermediate upgrade.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: f8119bb7a76b5c42defb6e0a2dc67bd77ad29a5e
Component: engine
Expand the contributing doc to include tips for successful PRs and
guidance on commit messages. This should help contributers to have
better position PRs that are more likely to be merged.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 59e1d579e09b56cd909655fdefb405f0eb02b086
Component: engine
There is an issue with the ports leaking to other tests.
This is a workaround until the actual problem is addressed.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 24cd5444f982fd295248006f44c6ec2f4ab7f1f8
Component: engine
Linux supports many obsolete address families, which are usually available in
common distro kernels, but they are less likely to be properly audited and
may have security issues
This blocks all socket families in the socket (and socketcall where applicable) syscall
except
- AF_UNIX - Unix domain sockets
- AF_INET - IPv4
- AF_INET6 - IPv6
- AF_NETLINK - Netlink sockets for communicating with the ekrnel
- AF_PACKET - raw sockets, which are only allowed with CAP_NET_RAW
All other socket families are blocked, including Appletalk (native, not
over IP), IPX (remember that!), VSOCK and HVSOCK, which should not generally
be used in containers, etc.
Note that users can of course provide a profile per container or in the daemon
config if they have unusual use cases that require these.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 7e3a596a63fd8d0ab958132901b6ded81f8b44c0
Component: engine
Find one escaped go vet error:
```
$ cd pkg/httputils/
$ go vet .
httputils_test.go:28: arg response for printf verb %q of wrong type:
*net/http.Response
```
You can also find it with
```
$ go vet github.com/docker/docker/pkg/httputils/
```
or
```
$ go vet ./...
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 3551893f46316388add55ab7421e9614d85dc52e
Component: engine
- Remove deprecated buildImage* functions
- Rename buildImageNew to buildImage
- Use *check.C in fakeContext* setup and in getIdByName
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c10f6ef43f884306eb3ef60b2d19fdc931cf34cc
Component: engine
[test-integration] Use testEnv methods and remove most of the global variables
Upstream-commit: 4fdfcb36cd6ab3bdf78be522f43c0c2a2bd5c898
Component: engine
The Docker Captains are going to assist in our
triage process! \o/ \o/
This change adds the captains to the maintainers
file as a curator.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 57de634bf3d616cc7a4e89060a6e36105bfa5745
Component: engine
Add missing "${DOCKER_BUILD_ARGS}" for building rpm with `docker build`,
this is quite important when running `make rpm` behind http proxy.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 062ce13e9cc6a9eb8ea8ae6333ff1dcc915572c4
Component: engine
Use `testutil/cmd` for `buildCommand`.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c778f4b964934aeaf0d86d79ea7397940b303238
Component: engine
Docker 1.13 moves the `--rm` flag to the daemon,
through an AutoRemove option in HostConfig.
When using API 1.24 and under, AutoRemove should not be
used, even if the daemon is version 1.13 or above and
"supports" this feature.
This patch fixes a situation where an 1.13 client,
talking to an 1.13 daemon, but using the 1.24 API
version, still set the AutoRemove property.
As a result, both the client _and_ the daemon
were attempting to remove the container, resulting
in an error:
ERRO[0000] error removing container: Error response from daemon:
removal of container ce0976ad22495c7cbe9487752ea32721a282164862db036b2f3377bd07461c3a
is already in progress
In addition, the validation of conflicting options
is moved from `docker run` to `opts.parse()`, so
that conflicting options are also detected when
running `docker create` and `docker start` separately.
To resolve the issue, the `AutoRemove` option is now
always set to `false` both by the client and the
daemon, if API version 1.24 or under is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 0ea7b143b0a8366799c83a955be676aaf1345214
Component: engine
