so that the latter can be distro specific.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
Upstream-commit: 5c6446f335a9f9010cabe93104f6feced0166dd8
Component: engine
Currently some notary tests change the system clock to check for expiration.
Skip these tests until the code can be refactored to not rely on updating the system clock.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: bf3c1e6a3afc951e41643b8d55d4ac25fa9cb06d
Component: engine
This reverts the change in 5170a2c096 that made ParseDevice private
Signed-off-by: Darren Shepherd <darren@rancher.com>
Upstream-commit: 421786e9254b728298397b8ae3e81e9f6259f369
Component: engine
This allow us to avoid entropy usage in non-crypto critical places.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6bca8ec3c9ccc169c53b3d7060fe5c8ba8670aac
Component: engine
You can read random bytes from Reader without exhausting entropy.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6963b9c71694509d8511264655f05c203f5b8f97
Component: engine
- Tested Mac/iterated with Jeff on fixes
- Waiting on formal uninstall;manual now
- 4 hour work
- Fixe #14562 converting Windows to Mac
- Found errors in installer need fixes/another iteration
- Updated as far as possible with limited installation
- 3 Hours work
- Entering comments from PR review
- New screen captures and migration material
- Entering Sven's comment
- Testing with powershell, Seb's comments
- Fix link in upgrade
- Minor tweaks to http and typos
- Adding deprecation note
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 6ca22add1845ca87ba9a3ec0c319a70f981545b2
Component: engine
The engine policy will now only complain
as a temporary measure to ensure we do not
cause breakages while users exercise this
policy.
This is NOT the policy for containers, but
for the newly-introduced policy for the
daemon itself.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 6c887be76951e802900a07e16aeaf0a079ac4534
Component: engine
Implements the policies for the remaining binaries
called by the Docker engine and eliminates the
giant whitelisted 'all files' permission in favor
of granular whitelisting and child-specific policies.
It should be possible now to remove the 'file' permission,
but for the sake of keeping Docker unbroken, we'll try
to gradually tighten the policy.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 8b2fcddcd251e58473abf6c4949573e03f44bb96
Component: engine
Will attempt to load profiles automatically. If loading fails
but the profiles are already loaded, execution will continue.
A hard failure will only occur if Docker cannot load
the profiles *and* they have not already been loaded via
some other means.
Also introduces documentation for AppArmor.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 3edc88f76df6a3bc9d887de8157ec71730c9057a
Component: engine
Options for zfs storage driver were incorrectly placed
under 'exec driver options' header. Move the header to
the correct place.
Now, this is the second time I am fixing this. First time
it was commit 68efb27, but the following commit 9af7afb
screwed it up again, so the header appears twice now.
Get rid of the the wrong one.
Cc: David Calavera <david.calavera@gmail.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Upstream-commit: f52514a03888441a51aac677054958516b2ae43f
Component: engine
daemon_test.go supposted to be unit test for daemon, so
don't see reason why we need another daemon_unit_test.go.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: ada852aa701e1ba34fd29589401b114309a2f74f
Component: engine
- boot2docker is deprecated in the 1.8.0
- docker-machine replaces it
- this fixes#14563
- Updating with thaJetzah comments
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 1825e06944db20ec677aa8d26b36e9036b0dd257
Component: engine
