When listener channel is closed, it becomes always available for
reading: select becomes an active loop which writes default-constructed
events (i.e: empty strings).
Fixes#5766.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <arnaud.porterie@gmail.com> (github: icecrime)
Upstream-commit: 8699f53e6a033a7b5b55a2b6356da7c6e220d01f
Component: engine
Add a mention of 80 column lines and reflow the document to hide the evidence.
Upstream-commit: d9b1c1976ff7343a04c030399ef879430e78226b
Component: engine
to cover a couple of use-cases:
* 1mb file, using no compression
* 1mb file, using compression
* 1024 1k files, using no compression
* 1024 1k files, using compression
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: d153740d9c7d672b9433f173b9a098a5d3c14c53
Component: engine
This commit makes the Docker daemon call UpdateSuffixarray only after
it finishes registering all containers.
This lowers the amount of time required for the Docker daemon to start
up.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 5d5c89398c39e2f38459aae42189c9ca1125c1d3
Component: engine
This commit refactors TruncIndex to make it possible to add container
ids to the TruncIndex without updating the Suffixarray.
This is useful during the Docker daemon's startup when we don't want to
update the Suffixarray for every container we add.
Add continues to function like before.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 219b7ae8b526bb5e6d0e27176308db71438a002f
Component: engine
This moves the call to sort in daemon/history to a function to be
called explicitly when we're done adding elements to the list.
This speeds up `docker ps`.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: e963179c790ec49b28fae0d7ebc0d9d2b3ac0b72
Component: engine
Now IP reuses only after all IPs from network was allocated
Fixes#5729
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 80fca061e7661549a05b2696488db3fea008e2dd
Component: engine
This patch is a preventative patch, it fixes possible future
vulnerabilities regarding unsantised paths. Due to several recent
vulnerabilities, wherein the docker daemon could be fooled into
accessing data from the host (rather than a container), this patch
was created to try and mitigate future possible vulnerabilities in
the same vein.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 0fb507dc2328c5c364a2cd1701a155efb1767a1a
Component: engine
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 79ca77f3e80d983cf72aa131c1b59c77c60270b0
Component: engine
This patch fixes the bug that allowed cp to copy files outside of
the containers rootfs, by passing a relative path (such as
../../../../../../../../etc/shadow). This is fixed by first converting
the path to an absolute path (relative to /) and then appending it
to the container's rootfs before continuing.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: bfc3a4192ae5723e401470688cdae59b95bd61f1
Component: engine
and `create` is now a loaded word for some readers
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: af891a67516149c4db490018430114c137cba9db
Component: engine
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: b7c7b851dce28bb679e0289168da382d7cdad74b
Component: engine
