There is an issue with the ports leaking to other tests.
This is a workaround until the actual problem is addressed.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 24cd5444f982fd295248006f44c6ec2f4ab7f1f8
Component: engine
Linux supports many obsolete address families, which are usually available in
common distro kernels, but they are less likely to be properly audited and
may have security issues.
This blocks all socket families in the socket (and socketcall where applicable) syscall
except:
- AF_UNIX - Unix domain sockets
- AF_INET - IPv4
- AF_INET6 - IPv6
- AF_NETLINK - Netlink sockets for communicating with the kernel
- AF_PACKET - raw sockets, which are only allowed with CAP_NET_RAW
All other socket families are blocked, including Appletalk (native, not
over IP), IPX (remember that!), VSOCK and HVSOCK, which should not generally
be used in containers, etc.
Note that users can of course provide a profile per container or in the daemon
config if they have unusual use cases that require these.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 7e3a596a63fd8d0ab958132901b6ded81f8b44c0
Component: engine
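The allowlist described in the commit message above, modelled as an added example (not code from the commit or from Docker): one allow rule per permitted family on argument 0 of `socket`, with everything else falling through to a deny. The `Rule` shape is a simplified assumption, `NeedCap` is a hypothetical stand-in for the profile's capability condition, and `socketcall` is not modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Linux address family numbers, as defined in <linux/socket.h>.
const (
	afUnix, afInet, afIPX, afAppletalk    = 1, 2, 4, 5
	afInet6, afNetlink, afPacket, afVsock = 10, 16, 17, 40
)

// Arg and Rule are a simplified, assumed shape for one seccomp profile entry.
type Arg struct {
	Index uint   `json:"index"`
	Value uint64 `json:"value"`
	Op    string `json:"op"`
}
type Rule struct {
	Names   []string `json:"names"`
	Action  string   `json:"action"`
	Args    []Arg    `json:"args"`
	NeedCap string   `json:"needCap,omitempty"` // hypothetical capability condition
}

// socketRules builds one allow rule per permitted family, matching on arg 0.
func socketRules() []Rule {
	allow := func(fam uint64, needCap string) Rule {
		return Rule{[]string{"socket"}, "SCMP_ACT_ALLOW", []Arg{{0, fam, "SCMP_CMP_EQ"}}, needCap}
	}
	return []Rule{allow(afUnix, ""), allow(afInet, ""), allow(afInet6, ""),
		allow(afNetlink, ""), allow(afPacket, "CAP_NET_RAW")}
}

// allowed models the filter's verdict for socket(family, ...) given the container's caps.
func allowed(family uint64, caps map[string]bool) bool {
	for _, r := range socketRules() {
		if r.Args[0].Value == family && (r.NeedCap == "" || caps[r.NeedCap]) {
			return true
		}
	}
	return false // no rule matched: the default action denies the call
}

func main() {
	out, _ := json.MarshalIndent(socketRules(), "", "  ")
	fmt.Println(string(out))
	fmt.Println("AF_VSOCK allowed:", allowed(afVsock, nil))
}
```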
- Remove deprecated buildImage* functions
- Rename buildImageNew to buildImage
- Use *check.C in fakeContext* setup and in getIdByName
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c10f6ef43f884306eb3ef60b2d19fdc931cf34cc
Component: engine
[test-integration] Use testEnv methods and remove most of the global variables
Upstream-commit: 4fdfcb36cd6ab3bdf78be522f43c0c2a2bd5c898
Component: engine
Use `testutil/cmd` for `buildCommand`.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c778f4b964934aeaf0d86d79ea7397940b303238
Component: engine
This test checks to make sure both v1.12 and v1.13 clients against a v1.13 daemon get the correct `Size` after the fix.
This test is related to 30027.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: d9451f1c8c8a584053ef06e0801df14e37d43cbd
Component: engine
- Join a few tests in one when it makes sense (reduce the number of
container runs and thus the overall time of the suites)
- Remove some duplication on several tests
- Remove some unused methods
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 9af5d7c34039d5e9d8a7dca6ea148147dc482dee
Component: engine
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 0f30c644441b3b4150252af1b41db99d4b6e697a
Component: engine
This fix tries to address the issue raised in 24596 where it was not
possible to join as manager only (`--availability=drain`).
This fix adds a new flag `--availability` to `swarm join`.
Related documentation has been updated.
An integration test has been added.
NOTE: Additional pull request for swarmkit and engine-api will
be created separately.
This fix fixes 24596.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a8e7e37aa82d1adac67b05836ea97a06fbdfdbf0
Component: engine
This fix tries to address the issue raised in docker/docker-29730
where a service with multiple published ports mapping to the same target
port (e.g., `--publish 5000:80 --publish 5001:80`) can't be allocated.
The reason for the issue is that `getPortConfigKey` is used for both
allocated ports and configured (may or may not be allocated) ports.
However, `getPortConfigKey` will not take into consideration the
`PublishedPort` field, which actually could be different for different
allocated ports.
This fix saves a map of `portKey:portNum:portState`, instead of currently
used `portKey:portState` so that multiple published ports could be processed.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: cb59bd0c5194f3f74cd405a87b562465219cad8a
Component: engine
This reverts commit 105bc63295a7126798d3722a0e205c5ead4e2b1c,
which (although correct), resulted in a backward incompatible
change.
We can re-implement this in future, after this change goes
through a deprecation cycle.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: c67550414b762ab32ea3e9645ebcafb79cb9059d
Component: engine
Start work on adding unit tests to our cli code in order to have to
write less costly integration tests.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: f151c297eb268e22dc1eb36ded0e356885f40739
Component: engine
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 7a855799175b6b984886ef1cfa337d6df1d4c668
Component: engine
This test checks for the substring "foo" in the "secret ls" output. This
is a valid base36 substring and can sometimes show up by chance:
docker_cli_secret_create_test.go:86:
c.Assert(out, checker.Not(checker.Contains), name)
... obtained string = "" +
... "ID NAME CREATED UPDATED\n" +
... "ob8y4t4feuz8pn5h6vla9oxoz stefoo7e268ozqfupi9s4se9q Less than a second ago Less than a second ago\n"
... substring string = "foo"
Change the secret name to test_secret, matching other tests. Underscores
can't appear in base36 so this name is safe to grep for.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 45833ce54d741b2378819e3ba5859533c317ae01
Component: engine
There is still a ways to go.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 87e3fcfe1e059780c4ee57abb097296fd29e09af
Component: engine