Some methods need to get a container *and* validate some conditon on
these (is the container running, …). The CheckContainer allows
to do that and helps remove some duplication.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 12485d62eeba27119260dc5eb54ac4fa83c3130b
Component: engine
[feature]: add daemon flag to set no_new_priv as default for unprivileged containers
Upstream-commit: 6dd2a82458016d15786b0bb12ba4cecde9b6bb90
Component: engine
Since Register() will never return err,remove the return value
Signed-off-by: NickrenREN <yuquan.ren@easystack.cn>
Upstream-commit: 78b50c129e06ceab460648b9c84d464b4c34cfee
Component: engine
After running the test suite with the race detector enabled I found
these gems that need to be fixed.
This is just round one, sadly lost my test results after I built the
binary to test this... (whoops)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 7917a36cc787ada58987320e67cc6d96858f3b55
Component: engine
… or could be in `opts` package. Having `runconfig/opts` and `opts`
doesn't really make sense and make it difficult to know where to put
some code.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c424be21b7aa732681ed019b5e547a99fdc2afa5
Component: engine
This fix tries to address the issue raised in 29129 where
"--hostname" not working when running in "--net=host" for
`docker run`.
The fix fixes the issue by not resetting the `container.Config.Hostname`
if the `Hostname` has already been assigned through `--hostname`.
An integration test has been added to cover the changes.
This fix fixes 29129.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: b0a7b0120f4461daa34527a743087e73ef8f5963
Component: engine
the restart policy validation was moved from
the client to the daemon in 94e95e4711643640701bd614902e75a2d01f12c5
As part of that change, retry-counts < 1
were marked as "invalid".
However, the default is 0 (unlimited), causing
docker run -d --restart=on-failure nginx
To fail.
This changes the validation to only invalidate
retry-counts < 0.
A test was added, and other tests renamed
to allow running just these tests :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9db5d649aea1c3d4728d0159bb5175a49f77748e
Component: engine
Validation is still done by swarmkit on the service side.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ef39256dfb711f8382a5c021b85d6c7d613282b0
Component: engine
`StreamConfig` carries with it a dep on libcontainerd, which is used by
other projects, but libcontainerd doesn't compile on all platforms, so
move it to `github.com/docker/docker/container/stream`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 5ea75bb6bf41aeaeaa15d8bcceea5be87c211ffc
Component: engine
This fix is part of the fix for issue 25099. In 25099, if an env
has a empty name, then `docker run` will throw out an error:
```
ubuntu@ubuntu:~/docker$ docker run -e =A busybox true
docker: Error response from daemon: invalid header field value "oci runtime error:
container_linux.go:247: starting container process caused \"process_linux.go:295:
setting oom score for ready process caused \\\"write /proc/83582/oom_score_adj:
invalid argument\\\"\"\n".
```
This fix validates the Env in the container spec before it is sent
to containerd/runc.
Integration tests have been created to cover the changes.
This fix is part of fix for 25099 (not complete yet, non-utf case
may require a fix in `runc`).
This fix is related to 25300.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 818d55c34bed99b108e6102ef6aa6ef181567ce3
Component: engine
This moves the types for the `engine-api` repo to the existing types
package.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 91e197d614547f0202e6ae9b8a24d88ee131d950
Component: engine
If AutoRemove is set, wait until client get `destroy` events, or get
`detach` events that implies container is detached but not stopped.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 6dd8e10d6ed7a7371c5c1824ad58c4403a7b3bfd
Component: engine
`--rm` is a client side flag which caused lots of problems:
1. if client lost connection to daemon, including client crash or be
killed, there's no way to clean garbage container.
2. if docker stop a `--rm` container, this container won't be
autoremoved.
3. if docker daemon restart, container is also left over.
4. bug: `docker run --rm busybox fakecmd` will exit without cleanup.
In a word, client side `--rm` flag isn't sufficient for garbage
collection. Move the `--rm` flag to daemon will be more reasonable.
What this commit do is:
1. implement a `--rm` on daemon side, adding one flag `AutoRemove` into
HostConfig.
2. Allow `run --rm -d`, no conflicting `--rm` and `-d` any more,
auto-remove can work on detach mode.
3. `docker restart` a `--rm` container will succeed, the container won't
be autoremoved.
This commit will help a lot for daemon to do garbage collection for
temporary containers.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 3c2886d8a45d8e79b00ab413d91f1af871b58d0a
Component: engine
In order to keep a little bit of "sanity" on the API side, validate
hostname only starting from v1.24 API version.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6daf3d2a783fd042e870c8af8bbd19fc28989505
Component: engine
As described in our ROADMAP.md, introduce new Swarm management API
endpoints relying on swarmkit to deploy services. It currently vendors
docker/engine-api changes.
This PR is fully backward compatible (joining a Swarm is an optional
feature of the Engine, and existing commands are not impacted).
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: 534a90a99367af6f6bba1ddcc7eb07506e41f774
Component: engine
So other packages don't need to import the daemon package when they
want to use this struct.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 6bb0d1816acd8d4f7a542a6aac047da2b874f476
Component: engine
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4352da7803d182a6013a5238ce20a7c749db979a
Component: engine
Remove double reference between containers and exec configurations by
keeping only the container id.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 9ca2e4e81cdb950f2b5958a7712153d1a6dd6e4c
Component: engine
This is a small configuration struct used in two scenarios:
1. To attach I/O pipes to a running containers.
2. To attach to execution processes inside running containers.
Although they are similar, keeping the struct in the same package
than exec and container can generate cycled dependencies if we
move any of them outside the daemon, like we want to do
with the container.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3f5b8f712d693188b41b3d9b55e5e5213be48ef5
Component: engine
By removing deprecated volume structures, now that windows mount volumes we don't need a initializer per platform.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 060f4ae6179b10aeafa883670826159fdae8204a
Component: engine
Turn BytesPipe's Read and Write functions into blocking, goroutine-safe
functions. Add a CloseWithError function to propagate an error code to
the Read function.
Adjust tests to work with the blocking Read and Write functions.
Remove BufReader, since now its users can use BytesPipe directly.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 64f8ee444d23ae29a236f169f1d7faf7042b524a
Component: engine
So we don't print those <no value> in the client and we don't fail
executing inspect templates with API field names.
Make sure those fields are initialized as empty slices when
a container is loaded from disk and their values are nil.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: f1a74a89f89affcfbe311e89aa752b3d551e0340
Component: engine
Each platform has only a driver now.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 157b66ad390902ef6f5b51b3f76d5177eacac81b
Component: engine
The LXC driver was deprecated in Docker 1.8.
Following the deprecation rules, we can remove a deprecated feature
after two major releases. LXC won't be supported anymore starting on Docker 1.10.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3b5fac462d21ca164b3778647420016315289034
Component: engine
It'll allow to separate daemon layer more cleanly later.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: bb0e7eb196c65972ea66154461b7e654d776f92a
Component: engine
Create a supervisor interface to let the container monitor to emit events.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: ca5ede2d0a23cb84cac3b863c363d0269e6438df
Component: engine
It's the only place where it's used.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: ebf707ec5fc9e942b89f6405df35cd6c0fabb15b
Component: engine
