This removes the key generation for trust from main while it is not
being consumed. The problem is that because this is being set in main
if a user runs as root initially the files will be owned by root. Later
if the user sets up the docker group they are unable to read the keys.
This is half a user error and documentation problem and the other half
is management.
We decided to remove this code for now while it is not being used and
will revisit it later when the consuming features are added. A few
options are to generate lazily and provide a clear error message on an
EPERM so that the user knows what is wrong and can correct the
permissions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 712e8da885de00d1957a15c0c7f862fb3b2f6beb
Component: engine
`${SOME_VAR%pattern}` was turning into `SOME_VAL%pattern}` which the shell would then balk at.
I've updated the `TOKEN_ENV_INTERPOLATION` regex to account for this (ie, if `${` is used, it _must_ also match the closing `}`), and renamed the variable to not be exported (since it's not used outside the function following it).
I also added comments for the bits of `tokenEnvInterpolation` so they're easier to follow. 😄
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 24189b2c36985f8345691fa6ec2c0766cfc133a7
Component: engine
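The failure described in the commit message above can be reproduced with a small added example; this is not the project's code. `looseRe`, `strictRe` and `interpolate` are hypothetical, simplified stand-ins for the real `TOKEN_ENV_INTERPOLATION` regex, and backslash-escaped `$` is not handled.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical simplified patterns, not the project's actual regex.
// looseRe treats both braces as optional, so "${NAME" matches even when
// the closing brace does not directly follow the name.
var looseRe = regexp.MustCompile(`\$\{?([A-Za-z0-9_]+)\}?`)

// strictRe accepts either $NAME or ${NAME}; an opening brace must be
// closed immediately after the name or nothing matches.
var strictRe = regexp.MustCompile(`\$(?:([A-Za-z0-9_]+)|\{([A-Za-z0-9_]+)\})`)

// interpolate replaces each match of re in s with its value from env.
// Matches whose name is not in env are left unchanged.
func interpolate(re *regexp.Regexp, s string, env map[string]string) string {
	return re.ReplaceAllStringFunc(s, func(m string) string {
		groups := re.FindStringSubmatch(m)
		name := groups[1]
		if name == "" && len(groups) > 2 {
			name = groups[2] // braced form in strictRe
		}
		if v, ok := env[name]; ok {
			return v
		}
		return m
	})
}

func main() {
	env := map[string]string{"SOME_VAR": "SOME_VAL"} // constructed sample
	for _, in := range []string{
		"echo ${SOME_VAR%pattern}", // shell parameter expansion, must survive
		"echo $SOME_VAR ${SOME_VAR}",
	} {
		fmt.Printf("input:  %s\n", in)
		fmt.Printf("loose:  %s\n", interpolate(looseRe, in, env))
		fmt.Printf("strict: %s\n\n", interpolate(strictRe, in, env))
	}
}
```

With the loose pattern the shell receives an unbalanced `}`; with the strict pattern the `${SOME_VAR%pattern}` expansion is passed through untouched for the shell to evaluate.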
This fixes issues where the apparmor profile is not applied to processes
via docker exec. As a side effect the parent processes were unable to
kill the additional child processes because of the profile mismatch.
Easy way to reproduce on an apparmor system:
docker run -ti debian:jessie bash
ps auxZ
- look at the labels
- in another shell
docker exec <name> sleep 1000
- go back to the first container and
ps auxZ
- make sure all processes have the correct docker-default profile
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 018ce19b31bbd8d752658835e9442fa7d59a47e3
Component: engine
Because of the base image change, $HOME is not always / and we need to
write to the proper $HOME within the container to complete the release
process.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: e0a1df8e683879bb999623a9521b272aafcc4208
Component: engine
Add some information about the storage and execution driver choices
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 5bcff59febc1ac798d735b52cc4e92db1ab41bd9
Component: engine
Turn off editing for auto-generated index pages, and scroll the user to the right section
Upstream-commit: c2096d70968e9c003608fd14237afc4b189fa03f
Component: engine
start sending robots.txt (and humans.txt) again, and set to disallow if...
Upstream-commit: 3040c8b759d2a17ee49d81b3be48237fd87086a1
Component: engine
This makes it possible to make the Docker client "secure by default"
without wrapping the binary in a shell alias so that `--tlsverify` is
always passed.
Signed-off-by: Aanand Prasad <aanand.prasad@gmail.com>
Upstream-commit: 19fb942d3609f647adeda68c6ca106371c7b32ac
Component: engine
and move the complicated discussion about branches lower down,
hopefully most won't need to know
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 3d2f10e28ae6aa278aca4403d2e3b55cc8071022
Component: engine
This uses @dnephin's changes to the base.html (thank you!)
and then adds the hide_toc: page meta
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
Upstream-commit: d883fb66b04b58bf446fa2b493644d0f453829cb
Component: engine
@SvenDowideit see what you think. I'd like to get your take on this
before I submit the PR.
Closes #4789
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 61387427cb9b1ed6a4c34e0a7960183159ee305d
Component: engine
Apparently, the [...] and (http...) need to be right after each other instead
of on different lines.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: b10e11f30e111e6d4ae4b439e64463e08b3ab78b
Component: engine