The `Status` field is a `map[string]interface{}` which allows the driver to pass
back low-level details about the underlying volume.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 36a1c56cf555f8fe9ceabeebb8fc956e05863fc7
Component: engine
People have reported following problem.
- docker run -ti --name=foo -v /dev/:/dev/ fedora bash
- docker cp foo:/bin/bash /tmp
Once the cp operation is complete, it unmounted /dev/pts on the host. /dev/pts
is a submount of /dev/. This is completely unexpected. Following is the
reson for this behavior.
containerArchivePath() call mountVolumes() which goes through all the mounts
points of a container and mounts them in daemon mount namespace in
/var/lib/docker/devicemapper/mnt/<containerid>/rootfs dir. And once we have
extracted the data required, these are unmounted using UnmountVolumes().
Mounts are done using recursive bind (rbind). And these are unmounted using
lazy mount option on top level mount. (detachMounted()). That means if there
are submounts under top level mounts, these mount events will propagate and
they were "shared" mounts with host, it will unmount the submount on host
as well.
For example, try following.
- Prepare a parent and child mount point.
$ mkdir /root/foo
$ mount --bind /root/foo /root/foo
$ mount --make-rshared /root/foo
- Prepare a child mount
$ mkdir /root/foo/foo1
$ mount --bind /root/foo/foo1 /root/foo/foo1
- Bind mount foo at bar
$ mkdir /root/bar
$ mount --rbind /root/foo /root/bar
- Now lazy unmount /root/bar and it will unmount /root/foo/foo1 as well.
$ umount -l /root/bar
This is not unintended. We just wanted to unmount /root/bar and anything
underneath but did not have intentions of unmounting anything on source.
So far this was not a problem as docker daemon was running in a seprate
mount namespace where all propagation was "slave". That means any unmounts
in docker daemon namespace did not propagate to host namespace.
But now we are running docker daemon in host namespace so that it is possible
to mount some volumes "shared" with container. So that if container mounts
something it propagates to host namespace as well.
Given mountVolumes() seems to be doing only temporary mounts to read some
data, there does not seem to be a need to mount these shared/slave. Just
mount these private so that on unmount, nothing propagates and does not
have unintended consequences.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: cacd4007776672e918162936d8846eb51a5300e6
Component: engine
If a build context tar has path names of the form 'x/./y', they will be
stored in this unnormalized form internally by tarsum. When the builder
walks the untarred directory tree and queries hashes for each relative
path, it will query paths of the form 'x/y', and they will not be found.
To correct this, have tarsum normalize path names by calling Clean.
Add a test to detect this caching false positive.
Fixes#21715
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 8691a77e441996fef96019b94f299a11b7244080
Component: engine
Distro packagers will often use the tarball to build a package and have
the build script for the package in git. To avoid that the docker build
script picks up the git commit from the distro repo we also check for a
directory named .git before check for -unsupported builds.
Signed-off-by: Natanael Copa <natanael.copa@docker.com>
Upstream-commit: 355ad33087c1c683458b60a6bc9e1f89623ee275
Component: engine
This feature was added after the 1.11 code-freeze,
so will be part of the 1.12 release. Moving it to the
right API version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 8ef76f779d6ea59cb1a8c6fde52e4d719a8c073a
Component: engine
Some fixes in the changelog were not regressions
since 1.10.x, but only present in 1.11 release candidates
so don't need to be mentioned for the release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 99589731ac1e5d901436e6d0d8c03e9eddb5cccc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d53e136a2bed649be245ce3a3d59faa344a2a755
Component: engine
hardware signing was put back to experimental due to packaging issues
(https://github.com/docker/docker/pull/21499)
add missing "--quiet" option for docker load
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 32a5308237858cc5b7bcac16cc16286fc7996a9b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: b7f9856a3667491e7e054033a8a4cdf9c6abdf7c
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 76489af40f40385b3fd9f0a669fdc8cf3640e188)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 932e58631426b56939f7bf856c245446c41299eb
Component: engine
In TP5, Hyper-V containers need all image files ACLed so that the virtual
machine process can access them. This was fixed post-TP5 in Windows, but
for TP5 we need to explicitly add these ACLs.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 6f8878872f8782d4300faeb80413c8c60f56cff1
Component: engine
* Fix closing strings in graphdriver plugin documentation
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
* Fix documenation for Err type in graphdriver plugins
Fix https://github.com/docker/go-plugins-helpers/issues/24
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
* Add missing MountLabel argument in graphdriver plugin documentation
The real `Create` seems also to take more arguments (the `storageOpt`) which
are not exposed to the plugin API (yet?).
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
* Add missing CreateReadWrite in graphdriver plugin documentation
Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
Upstream-commit: 44fe649c2ed6c1c6ba201086c1f83ec993ce9064
Component: engine
Copy edit the content
Updates to existing material
Adding mbentley's comments
Updating with last minute comments
Update with Seb's comments
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: 783ebebff40ebdae27dc72b4c8c5151a01220a87
Component: engine
Binaries are now distributed as a '.tgz' or '.zip'
archive, and contain multiple binaries for Linux.
This updates the instructions for 1.11.
Also mention that the Windows 64-bit binary
actually can be used as a daemon. Given that
this is still in beta, no instructions were
added for *running* a daemon on Windows.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: f5336c737086a4c1807bb2b6ab57116b5ed9d769
Component: engine
