- Stop serializing JSONMessage in favor of events.Message.
- Keep backwards compatibility with JSONMessage for container events.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 72f1881df102fce9ad31e98045b91c204dd44513
Component: engine
Because it can still run on windows server and fail because it doesn't
have `chown`.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 9aad7d209f8919726b40034a40e619f1efa46716
Component: engine
Rename Dockerfile.arm to Dockerfile.armhf to more clearly reflect the specific subversion of ARM it targets
Upstream-commit: 3be1a80f1ab2c07322cf54e4bce42914b797c3b1
Component: engine
Adds the new label to the documentation. The
impact/distribution label is intended for changes
that affect the image-format or interaction
with the registry (distribution).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ac0180620d906c39486963460415502f7abbd16f
Component: engine
Also, fix up some minor whitespace consistency issues, remove a little cruft, and update GOARM for armhf to 7 so that we're explicit.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: dc38061bee468ebfbfa3c89f0bb5b2edb5fd5147
Component: engine
Only two of these are not handled, the one in `TestBuildForceRm`
is intended to not be handled, while the other one in
`TestBuildResourceConstraintsAreUsed` causes problem.
In test case `TestBuildResourceConstraintsAreUsed`, somehow we
are not able to access network to get base image, but the error
message is:
```
Error: failed to inspect container : Unable to read inspect data: json: cannot unmarshal array into Go value of type types.ContainerJSON
```
Totally confusion.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 1b34008532849467623039f78191e0f706fb34a5
Component: engine
When a container create with -m 100m and then docker update other
cgroup settings such as --cpu-quota, the memory limit show by
docker stats will become the default value but not the 100m.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 518ed75e1ab5b102fffd7fcbf046c127b44c7be7
Component: engine
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
circular dependency issue.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 8e034802b7ad92a29f08785e553415adcd1348a3
Component: engine
This can be allowed because it should only restrict more per the seccomp docs, and multiple apps use it today.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: b610fc226afdf663b0ad46ad982c27fdee61f671
Component: engine
Block kcmp, procees_vm_readv, process_vm_writev.
All these require CAP_PTRACE, and are only used for ptrace related
actions, so are not useful as we block ptrace.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: a0a8ca0ae0bc9dc7faa0b8bacf4ca376c7257348
Component: engine
The bpf syscall can load code into the kernel which may
persist beyond container lifecycle. Requires CAP_SYS_ADMIN
already.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Upstream-commit: 33568405f34f363de49b1146119cc53bcb9e5f16
Component: engine
