This fix tries to address the issue raised in #24374 where
`docker info` outputs seccomp support in Ubuntu 14.04 but
the seccomp wass not actually supported.
The issue is that in the current docker implementation, seccomp
support is only checked against the kernel by inspect CONFIG_SECCOMP
and CONFIG_SECCOMP_FILTER. However, seccomp might not be enabled
when building docker (through golang build flag).
This fix adds a supportSeccomp boolean variable. The supportSeccomp
is only set to true when seccomp is enabled when building docker.
This fix fixes#24374.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: a3b9dd89a1b19e7f84617b91f3756ae816c11035
Component: engine
`make run` allows you to fire up a daemon (in a container) just using
the existing built binaries. This allows for more rapid iteration
instead of dealing with firing up a shell just to start the daemon.
By default the daemon will listen on port 2375 on the default network
interface.
If a port forward is required to access the daemon, the user can set
`make DOCKER_PORT=2375 run` to get a port forward on a random port with
the daemon listening on port 2375, or `make DOCKER_PORT=2375:2375 run`
to get a daemon running with port 2375 forwarded to the daemon running
on 2375.
Note that the daemon is automatically configured to listen on whatever
port is set for the container side of the `DOCKER_PORT` port spec.
When running on docker4mac, the user must do the following:
```
$ make BINDDIR=. DOCKER_PORT=2375 run
```
This makes sure the binaries are loaded in the container and a port is
forwarded, since it is currently impossible to route traffic from the
mac directly to a container IP.
To get a fresh binary:
```
$ make BINDDIR=. DOCKER_PORT=2375 binary run
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: cae890bc79f7cf2a9d482453f0589d35d3f0a41c
Component: engine
The archive is only available on docs.docker.com, and not
when doing a "make docs", so relative links will not resolve.
Making these links absolute, so that they always
point to the live "docs.docker.com" domain.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 4b090ae5f259dcedb946463a8512b2416a971fcb
Component: engine
This was missed in #23312 even though the other parts of
this were fixed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 47ace5cd989103f7d646282fce66434b5a3c13f6
Component: engine
This is now up to date with contents of 1.12 tgz
Also change usage to `dockerd` not `docker daemon`
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 7102e09f29822e4bb0e375738c5194ded8b716ca
Component: engine
This patch makes sure daemon resources are cleaned up on shutdown if
there are no running containers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 2d5dc94b9b547a9ba73f7b613e358b03fdfb2b84
Component: engine
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: f4cfc6b9830ed236eb588d6a4dddca7455145e70
Component: engine
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 0682468431867e3382a759402eb92df5877e310b
Component: engine
