It should allow easier updates for containerd and runc
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 1b41125ad9f1a3881b71bd044d76fd285170addb
Component: engine
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disabled by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
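```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(int argc, char ** argv) {
    pid_t pid = fork();
    if (pid == 0) {
        /* child: fork a grandchild that exits immediately */
        pid = fork();
        if (pid == 0) {
            exit(0);
        }
        sleep(3);
        exit(0);
    }
    /* pid 1 never calls wait(), so exited descendants stay as zombies */
    printf("got pid %d and exited\n", pid);
    sleep(20);
    return 0;
}
```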
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ee3ac3aa66bfb27b7c21dfb253fdaa113baedd4e
Component: engine
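Added example (not part of the commit above and not Docker's init binary): a minimal reaping parent in C, showing the wait loop an init process needs so that orphaned descendants do not linger as zombies. `run_with_reaper` and `leaky_workload` are hypothetical names; `PR_SET_CHILD_SUBREAPER` is used only so the demo adopts orphans when it is not pid 1, signal forwarding is left out, and the loop keeps reaping until no children remain so the count is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed workload (hypothetical): exits at once and leaves an orphaned
 * grandchild behind without ever calling wait(). */
void leaky_workload(void) {
    if (fork() == 0) {
        sleep(1);   /* grandchild outlives its parent */
        _exit(0);
    }
    _exit(7);       /* parent exits first, orphaning the grandchild */
}

/* Returns the workload's exit status (-1 on setup failure); *reaped = count. */
int run_with_reaper(void (*workload)(void), int *reaped) {
    int status, main_status = -1;
    *reaped = 0;
    /* Demo assumption: pid 1 adopts orphans itself, others ask (Linux only). */
    if (getpid() != 1 && prctl(PR_SET_CHILD_SUBREAPER, 1) != 0)
        return -1;
    pid_t main_pid = fork();
    if (main_pid < 0)
        return -1;
    if (main_pid == 0) {
        workload();
        _exit(127);
    }
    for (;;) {      /* reap every child, adopted orphans included */
        pid_t pid = waitpid(-1, &status, 0);
        if (pid < 0 && errno == EINTR)
            continue;
        if (pid < 0)
            break;  /* ECHILD: nothing left to reap */
        (*reaped)++;
        if (pid == main_pid)
            main_status = WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
    }
    return main_status;
}

int main(void) {
    int reaped, rc = run_with_reaper(leaky_workload, &reaped);
    printf("workload exited with %d, reaped %d processes\n", rc, reaped);
    return rc;
}
```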
moves ensure-frozen-images to go
moves ensure-syscall-test to go
moves ensure-nnp-test to go
moves ensure-httpserver to go
Also makes some of the fixtures load only for the required tests.
This makes sure that fixtures that won't be needed for a test run such as
`make TESTFLAGS='-check.f Swarm' test-integration-cli` (for example)
aren't loaded... like the syscall tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: ff91276d1f5beab5582d9ca582ee01af13198333
Component: engine
Passes down BUILD_APT_MIRROR to the docker env.
Ensures BUILD_APT_MIRROR is used when building debs, but only when the
consuming `Dockerfile` actually uses it, otherwise it will cause the
build to fail (e.g. on Ubuntu builds we aren't using APT_MIRROR).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: f672a963c9f1225daec9d2d12577f95936dee51e
Component: engine
Adds a new bundle `verify-integration-tests` which pre-compiles a test
binary for the integration tests.
This makes sure that the integration tests will actually compile before
doing other tasks which take much longer, such as building dockerd and
loading test fixtures.
When it comes time to actually run the tests, the pre-compiled binary
will be used so it doesn't have to compile the tests a 2nd time.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 4d0275c8192ca39d88f7dbe1e59ec03b544b6696
Component: engine
This adds a `results.xml` to the test-docker-py output folder.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: a9e513867cd9eb327ae56877886ed18a5ad5b691
Component: engine
Since Go 1.7, s390x uses upstream Go, so we have no reason to
support gccgo any more.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: eda90f63446253f97d2011926555306f2417d208
Component: engine
This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 2ff2e9a73076b737948c68c26f26b7bda5ac7db8
Component: engine
Interactive integration testing is useful when you're developing new tests, or
making changes to cli code.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 1d945a9743748373cd5c5bfface3209d241007d7
Component: engine
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 32b1f26c5111b22fe4277879c4f5e4687a6a72fc
Component: engine
We don't need hidden files to be listed
in the indexes, so skip them if hidden
files exist.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 153c946b7923fda4d60ad735f2f9e02ffb150704
Component: engine
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 93bbc76ee53240e0862c6f1ff409e7a4ee0883dc
Component: engine
Reverts https://github.com/docker/docker/pull/18197
This was a workaround before Go 1.6, not required any more.
cc @nalind @Govinda-Fichtner
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 4d7038208f612dc0dfb0ac816adafd21043acd2f
Component: engine
Fixes #23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 04104c3a1e6cad30cb41b762e8832215466c0e95
Component: engine
Use the generate.sh script instead of md2man directly.
Update Dockerfile for generating man pages.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 00a8a40398263429f99b1a5f0be59048e1c6f38d
Component: engine
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes #24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Upstream-commit: dab287819a21ef8755d2f1b578ebeea33eb4e784
Component: engine
`make run` allows you to fire up a daemon (in a container) just using
the existing built binaries. This allows for more rapid iteration
instead of dealing with firing up a shell just to start the daemon.
By default the daemon will listen on port 2375 on the default network
interface.
If a port forward is required to access the daemon, the user can set
`make DOCKER_PORT=2375 run` to get a port forward on a random port with
the daemon listening on port 2375, or `make DOCKER_PORT=2375:2375 run`
to get a daemon running with port 2375 forwarded to the daemon running
on 2375.
Note that the daemon is automatically configured to listen on whatever
port is set for the container side of the `DOCKER_PORT` port spec.
When running on docker4mac, the user must do the following:
```
$ make BINDDIR=. DOCKER_PORT=2375 run
```
This makes sure the binaries are loaded in the container and a port is
forwarded, since it is currently impossible to route traffic from the
mac directly to a container IP.
To get a fresh binary:
```
$ make BINDDIR=. DOCKER_PORT=2375 binary run
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: cae890bc79f7cf2a9d482453f0589d35d3f0a41c
Component: engine
This was missed in #23312 even though the other parts of
this were fixed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 47ace5cd989103f7d646282fce66434b5a3c13f6
Component: engine
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 0682468431867e3382a759402eb92df5877e310b
Component: engine
error: line 89: Invalid version (epoch must be unsigned integer):
%{epoch}:1.12.0-0.3.rc3.fc24: Requires(pre): docker-engine-selinux >=
%%{epoch}:1.12.0-0.3.rc3.fc24
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 0c07e55e4c867ee034c72c7ff8a9b8d63a8ec17d
Component: engine
This will kill any left over containerd-shims to avoid the integration
script to stay stuck while it waits on them.
It will then cause CI to fail (even if all the tests succeeded).
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: fd1129d31a4e1981da2b25e165a46bcc7a042725
Component: engine