This adds a few lines to the RUN Dockerfile docs to explain how to
bypass the RUN caching and how ADD can also invalidate the cache for
these instructions.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 239d1ef301eb8d9b2b1e8469489b25ff3708f47f
Component: engine
I've copy and pasted the error message so its googlable.
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: ed703fc8be652eee65319a774ffbe95a07a03242
Component: engine
We don't need this because it is covered by the libcontainer MAINTAINERS
file
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: b22d10e3c541c46cebe7da44fd2f521c4bc653f4
Component: engine
This commit lowers the total time spent in ChangesDirs to half during a
commit.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 359f8aca29bf0e7fca757fa73e1d5565ed2d16f7
Component: engine
When listener channel is closed, it becomes always available for
reading: select becomes an active loop which writes default-constructed
events (i.e: empty strings).
Fixes#5766.
Docker-DCO-1.1-Signed-off-by: Arnaud Porterie <arnaud.porterie@gmail.com> (github: icecrime)
Upstream-commit: 8699f53e6a033a7b5b55a2b6356da7c6e220d01f
Component: engine
Add a mention of 80 column lines and reflow the document to hide the evidence.
Upstream-commit: d9b1c1976ff7343a04c030399ef879430e78226b
Component: engine
to cover a couple of use-cases:
* 1mb file, using no compression
* 1mb file, using compression
* 1024 1k files, using no compression
* 1024 1k files, using compression
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: d153740d9c7d672b9433f173b9a098a5d3c14c53
Component: engine
This commit makes the Docker daemon call UpdateSuffixarray only after
it finishes registering all containers.
This lowers the amount of time required for the Docker daemon to start
up.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 5d5c89398c39e2f38459aae42189c9ca1125c1d3
Component: engine
This commit refactors TruncIndex to make it possible to add container
ids to the TruncIndex without updating the Suffixarray.
This is useful during the Docker daemon's startup when we don't want to
update the Suffixarray for every container we add.
Add continues to function like before.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 219b7ae8b526bb5e6d0e27176308db71438a002f
Component: engine
This moves the call to sort in daemon/history to a function to be
called explicitly when we're done adding elements to the list.
This speeds up `docker ps`.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: e963179c790ec49b28fae0d7ebc0d9d2b3ac0b72
Component: engine
Now IP reuses only after all IPs from network was allocated
Fixes#5729
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Upstream-commit: 80fca061e7661549a05b2696488db3fea008e2dd
Component: engine
This patch is a preventative patch, it fixes possible future
vulnerabilities regarding unsantised paths. Due to several recent
vulnerabilities, wherein the docker daemon could be fooled into
accessing data from the host (rather than a container), this patch
was created to try and mitigate future possible vulnerabilities in
the same vein.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 0fb507dc2328c5c364a2cd1701a155efb1767a1a
Component: engine
This patch adds integration tests for the copying of resources
from a container, to ensure that regressions in the security of
resource copying can be easily discovered.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 79ca77f3e80d983cf72aa131c1b59c77c60270b0
Component: engine
This patch fixes the bug that allowed cp to copy files outside of
the containers rootfs, by passing a relative path (such as
../../../../../../../../etc/shadow). This is fixed by first converting
the path to an absolute path (relative to /) and then appending it
to the container's rootfs before continuing.
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: bfc3a4192ae5723e401470688cdae59b95bd61f1
Component: engine
and `create` is now a loaded word for some readers
Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: af891a67516149c4db490018430114c137cba9db
Component: engine
