so that the latter can be distro specific.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
Upstream-commit: 5c6446f335a9f9010cabe93104f6feced0166dd8
Component: engine
So we marshal/unmarshal its value properly when it's empty.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 4e25d2982b3af25bf55b8bc788d4604f7b539ea4
Component: engine
Integration tests were failing due to proc filter behavior
changes with new apparmor policies.
Also include the missing docker-unconfined policy resolving
potential startup errors. This policy is complain-only so
it should behave identically to the standard unconfined policy,
but will not apply system path-based policies within containers.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 5832715052e9e165cc40a5ac8178fa62685985aa
Component: engine
- downcase and privatize exported variables that were unused
- make accurate an error message
- added package comments
- remove unused var ReadLogsNotSupported
- enable linter
- some spelling corrections
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: ccbe539e86dfbb8749c09763ddfd73bf10ac57cc
Component: engine
Currently some notary tests change the system clock to check for expiration.
Skip these tests until the code can be refactored to not rely on updating the system clock.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: bf3c1e6a3afc951e41643b8d55d4ac25fa9cb06d
Component: engine
Crypto rand is a much better seed for math/rand than
time. In the event we use math/rand where we should not,
this will make it a safer source of random numbers.
Although potentially dangerous, this will still fall back
to time should crypto/rand for any reason fail.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 4742a3964fd276a825a5ff4d1cf8417ae88abcb1
Component: engine
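
The seeding approach described in the commit message above, as an added Go example that is not the commit's own code. The names `seedFrom`, `newRand` and `failingReader` are hypothetical, and the entropy source is passed in as an `io.Reader` (an assumption of this sketch) so the time fallback can be exercised and reported to the caller.

```go
package main

import (
	cryptorand "crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"math/rand"
	"time"
)

// seedFrom reads 8 bytes from entropy and returns them as a math/rand seed.
// If the read fails or comes up short it falls back to the clock, as the
// commit message describes, and reports that through fromEntropy so the
// caller can log the downgrade instead of hiding it.
func seedFrom(entropy io.Reader) (seed int64, fromEntropy bool) {
	var buf [8]byte
	if _, err := io.ReadFull(entropy, buf[:]); err != nil {
		return time.Now().UnixNano(), false
	}
	return int64(binary.LittleEndian.Uint64(buf[:])), true
}

// newRand returns a math/rand generator seeded via seedFrom.
// The generator is still deterministic given its seed; only the seed
// becomes hard to guess when it comes from crypto/rand.
func newRand(entropy io.Reader) (*rand.Rand, bool) {
	seed, ok := seedFrom(entropy)
	return rand.New(rand.NewSource(seed)), ok
}

// failingReader is a constructed stand-in for an entropy source that errors.
type failingReader struct{}

func (failingReader) Read([]byte) (int, error) {
	return 0, errors.New("entropy unavailable")
}

func main() {
	r, ok := newRand(cryptorand.Reader)
	fmt.Println("seeded from crypto/rand:", ok, "sample:", r.Int63())

	_, ok = newRand(failingReader{})
	fmt.Println("seeded from crypto/rand:", ok, "(time fallback)")
}
```
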
If I run two containers with the same network they share the same /etc/resolv.conf.
The current code changes the labels of the /etc/resolv.conf currently to the
private label which causes it to be unusable in the first container.
This patch changes the labels to a shared label if more than one container
will use the content.
Docker-DCO-1.1-Signed-off-by: Dan Walsh dwalsh@redhat.com (github: rhatdan)
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 90b8cebda65b9e45c75c44010833e181167dd4f6
Component: engine
Currently the service type is 'simple', the default, meaning that
docker.service is considered to be started straight after
spawning. This is incorrect as there is a significant amount of time
between spawning and docker being ready to accept connections on the passed
sockets. Docker does implement the systemd socket activation and
notification protocol, and sends the ready signal to systemd once it
is ready. However for systemd to take those notifications into
account, the service file type should be set to notify.
Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
Upstream-commit: d3e5179c291a7646c71f1ca608d6700026756f7c
Component: engine
This reverts the change in 5170a2c096 that made ParseDevice private
Signed-off-by: Darren Shepherd <darren@rancher.com>
Upstream-commit: 421786e9254b728298397b8ae3e81e9f6259f369
Component: engine
This allows us to avoid entropy usage in non-crypto critical places.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6bca8ec3c9ccc169c53b3d7060fe5c8ba8670aac
Component: engine
You can read random bytes from Reader without exhausting entropy.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6963b9c71694509d8511264655f05c203f5b8f97
Component: engine