Add tests on:
- changes.go
- archive.go
- wrap.go
Should fix#11603 as the coverage is now 81.2% on the ``pkg/archive``
package. There is still room for improvement though :).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c21d408ad24cf8e2b5bd761d562fae7e3ae1bc54
Component: engine
And warning is not supposed to have a prefix WARNING.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: f3dc35169780e1555b4116986649b729cb80b5d1
Component: engine
Added daemon field to it, will use it later for acces to daemon from
handlers
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: d9ed3165228b60cb89c31d0d66b99e01ab83eb3e
Component: engine
When firewalld (or iptables service) restarts/reloads,
all previously added docker firewall rules are flushed.
With firewalld we can react to its Reloaded() [1]
D-Bus signal and recreate the firewall rules.
Also when firewalld gets restarted (stopped & started)
we can catch the NameOwnerChanged signal [2].
To specify which signals we want to react to we use AddMatch [3].
Libvirt has been doing this for quite a long time now.
Docker changes firewall rules on basically 3 places.
1) daemon/networkdriver/portmapper/mapper.go - port mappings
Portmapper fortunatelly keeps list of mapped ports,
so we can easily recreate firewall rules on firewalld restart/reload
New ReMapAll() function does that
2) daemon/networkdriver/bridge/driver.go
When setting a bridge, basic firewall rules are created.
This is done at once during start, it's parametrized and nowhere
tracked so how can one know what and how to set it again when
there's been firewalld restart/reload ?
The only solution that came to my mind is using of closures [4],
i.e. I keep list of references to closures (anonymous functions
together with a referencing environment) and when there's firewalld
restart/reload I re-call them in the same order.
3) links/links.go - linking containers
Link is added in Enable() and removed in Disable().
In Enable() we add a callback function, which creates the link,
that's OK so far.
It'd be ideal if we could remove the same function from
the list in Disable(). Unfortunatelly that's not possible AFAICT,
because we don't know the reference to that function
at that moment, so we can only add a reference to function,
which removes the link. That means that after creating and
removing a link there are 2 functions in the list,
one adding and one removing the link and after
firewalld restart/reload both are called.
It works, but it's far from ideal.
[1] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.Signals.Reloaded
[2] http://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-name-owner-changed
[3] http://dbus.freedesktop.org/doc/dbus-specification.html#message-bus-routing-match-rules
[4] https://en.wikipedia.org/wiki/Closure_%28computer_programming%29
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Upstream-commit: b052827e025267336f0d426df44ec536745821f8
Component: engine
Firewalld [1] is a firewall managing daemon with D-Bus interface.
What sort of problem are we trying to solve with this ?
Firewalld internally also executes iptables/ip6tables to change firewall settings.
It might happen on systems where both docker and firewalld are running
concurrently, that both of them try to call iptables at the same time.
The result is that the second one fails because the first one is holding a xtables lock.
One workaround is to use --wait/-w option in both
docker & firewalld when calling iptables.
It's already been done in both upstreams:
b315c380f4b3b451d6f8
But it'd still be better if docker used firewalld when it's running.
Other problem the firewalld support would solve is that
iptables/firewalld service's restart flushes all firewall rules
previously added by docker.
See next patch for possible solution.
This patch utilizes firewalld's D-Bus interface.
If firewalld is running, we call direct.passthrough() [2] method instead
of executing iptables directly.
direct.passthrough() takes the same arguments as iptables tool itself
and passes them through to iptables tool.
It might be better to use other methods, like direct.addChain and
direct.addRule [3] so it'd be more intergrated with firewalld, but
that'd make the patch much bigger.
If firewalld is not running, everything works as before.
[1] http://www.firewalld.org/
[2] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.passthrough
[3] https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addChainhttps://jpopelka.fedorapeople.org/firewalld/doc/firewalld.dbus.html#FirewallD1.direct.Methods.addRule
Signed-off-by: Jiri Popelka <jpopelka@redhat.com>
Upstream-commit: 8301dcc6d702a97feeb968ee79ae381fd8a4997a
Component: engine
Check test correctness of untar by comparing destination with
source. For part 2, it checkes hashes of source and destination
files or the target files of symbolic links.
This is a supplement to the #11601 fix.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Upstream-commit: 67df8e4257c165bc6abe77bb8f4ab55c10b2fbff
Component: engine
Instead of seeding/polluting the global random instance,
creating a local `rand.Random` instance which provides the same
level of randomness.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: 25fab69f7dcf72dabfeb60f61f50f175692f0b03
Component: engine
pkg/stdcopy NewStdWriter function has wrong doc comment,
utils is not correct, it should be stdcopy
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
Upstream-commit: a715b0e31beabed9ac5702af2ede619b4232cbdb
Component: engine
After finding our initial thinking on env. space versus arg list space
was wrong, we need to solve this by using a pipe between the caller and
child to marshall the (potentially very large) options array to the
archiver.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 908db51804635ce002e97e4efb867f7352204f8e
Component: engine
- Trying to add or complete unit test to each ``func``
- Removing dead code (``escapeName``)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c4fe5dad1deb45ecde460d7627523dbf032dc205
Component: engine
Check test correctness of untar by comparing destination with
source. For part one, it only compares the directories.
This is a supplement to the #11601 fix.
Signed-off-by: Yestin Sun <yestin.sun@polyera.com>
Upstream-commit: 7bb4b055abab5f5b561a970f7235c2d113a4d85f
Component: engine
Corrected integer size passed to Windows
Corrected DisableEcho / SetRawTerminal to not modify state
Cleaned up and made routines more idiomatic
Corrected raw mode state bits
Removed duplicate IsTerminal
Corrected off-by-one error
Minor idiomatic change
Signed-off-by: Brendan Dixon <brendand@microsoft.com>
Upstream-commit: 1a36a113d4afc11151c80b111d7357b7c31be32b
Component: engine
