Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: 6993e891d10c760d22e0ea3d455f13858cd0de46
Component: engine
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.
Closes#12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
Upstream-commit: 3f445e63b4568845f439c5d30a99ba10603b1938
Component: engine
also fix wrong function comment
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: d266142230bd041c8299eef329cf79a17f8f7478
Component: engine
Make sure the image configuration is not overriden by the default
value in the `create` flag.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: a252516ec19c9c83055a882da894712f2e812ecc
Component: engine
since it is an error if that address is unavailable.
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Upstream-commit: 7126ecd0ad1f6188540949cbdbca20f4a75d1839
Component: engine
Default is predefined network and is reserved, so we should stop user
from creating network with name `default`
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 31dae442c8a640694209c7451d6e9bf644aa2743
Component: engine
This brings in the container-local alias functionality for containers
connected to u ser-defined networks.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: e221b8a3d64c13178e156fc3ece5e9894dac1603
Component: engine
It's like `MemorySwappiness`, the default value has specific
meaning (default false means enable oom kill).
We need to change it to pointer so we can update it after
container is created.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 9c2ea42329179c589f5a8991ccf0253eb10fc897)
Conflicts:
vendor/src/github.com/docker/engine-api/types/container/host_config.go
Upstream-commit: f4a687334b1d026c84809fd005e1a82225d1c86f
Component: engine
Merge was used by builder and daemon. With this commit, the builder
call has been inlined and the function moved to the daemon package,
which is the only other caller.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: eb4ae8e28aa0baf28d6cde1079a5f9c618d475b2
Component: engine
dockerfile.Config is almost redundant with ImageBuildOptions.
Unify the two so that the latter can be removed. This also
helps build's API endpoint code to be less dependent on package
dockerfile.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 5190794f1d85d5406611eb69c270df62ac1cdc7f
Component: engine
These validators are only used by runconfig.Parse() or some other part of the
client, so move them into the client-side package.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 0007f5a85935b2edcb08eb2d7e736e4db59157a9
Component: engine
The parse.go file is used almost exclusively in the client. The few small
functions that are used outside of the client could easily be copied out
when the client is extracted, allowing this runconfig/opts package to
move to the client.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 2b7ad47bd2649c3f164e8b57b31fae313045c8f4
Component: engine
- Make the API client library completely standalone.
- Move windows partition isolation detection to the client, so the
driver doesn't use external types.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 7ac4232e70fe7cf7318333cd0890db7f95663079
Component: engine
This is a very docker concept that nobody elses need.
We only maintain it to keep the API backwards compatible.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: f9b857a200696b07b67e6a7f94ede32487f5649d
Component: engine
1. It's a cgroup api, fit the general defination that we take
cgroup options as kind of resource options.
2. It's common usage and very helpful as explained here:
https://github.com/docker/docker/pull/18270#issuecomment-160561316
3. It's already in `Resource` struct in
daemon/execdriver/driver_unix.go
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 8498ed73f7b35da807b5d5dcf532114c7b3df52d
Component: engine
