This patch will allow users to specify namespace specific "kernel parameters"
for running inside of a container.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: 9caf7aeefd23263a209c26c8439d26c147972d81
Component: engine
This fix tries to fix the discrepancy between API and CLI on hostname
validation. Previously, the hostname validation was handled at the
CLI interface in runconfig/opts/parse.go and return an error if the
hostname is invalid. However, if an end user use the remote API to
pass the hostname, the error will not be returned immediately.
Instead the error will only be thrown out when the container creation
fails. This creates behavior discrepancy between API and CLI.
In this fix, the hostname validation was moved to
verifyContainerSettings so the behavior will be the same for API and
CLI.
After the change, since CLI does not handle the hostname validation
any more, the previous unit tests about hostname validation on CLI
in runconfig/opts/parse_test.go has to be updated as well because
there is no validation at this stage. All those unit tests are moved
to integration test TestRunTooLongHostname so that the hostname
validation is still properly covered as before.
Note: Since the hostname validation moved to API, the error message
changes from `invalid hostname format for --hostname:` to
`invalid hostname format:` as well because `--hostname` is passed
to CLI only.
This fix fixes#21595.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: ee4bd806ba6ccac0013eb812e7f30bfcfe12d22a
Component: engine
Creates a `fixedBuffer` type that is used to encapsulate functionality
for reading/writing from the underlying byte slices.
Uses lazily-loaded set of sync.Pools for storing buffers that are no
longer needed so they can be re-used.
```
benchmark old ns/op new ns/op delta
BenchmarkBytesPipeWrite-8 138469 48985 -64.62%
BenchmarkBytesPipeRead-8 130922 56601 -56.77%
benchmark old allocs new allocs delta
BenchmarkBytesPipeWrite-8 18 8 -55.56%
BenchmarkBytesPipeRead-8 0 0 +0.00%
benchmark old bytes new bytes delta
BenchmarkBytesPipeWrite-8 66903 1649 -97.54%
BenchmarkBytesPipeRead-8 0 1 +Inf%
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 9a25b1d942da88439ec04797ff6f1c33c3b5562d
Component: engine
Use an interface to specify the behavior of a configuration decoder.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: f0d26e1665f7552972db5b041554cc7b45bc3060
Component: engine
This fix tries to fix issues encountered when running a container with a hostname
that is longer than HOST_NAME_MAX(64).
Previously, `could not synchronise with container process` was generated as the
length of the regex check was missing.
This fix covers the length check so that a hostname that is longer than
HOST_NAME_MAX(64) will be given a correct error message.
Several unit tests cases and additional integration test cases are added as well.
This fix closes#21445.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: fa44b4e81ee87f1c2b39ad335a22795415c8cdf2
Component: engine
it was introduced with #20566 as a result of merge
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 93f57705110e196dca1cf2b2ce7d261ee97b9e4e
Component: engine
The issue comes from the implementation of volumeSplitN() where a
driver letter (`[a-zA-Z]:`) was assumed to follow either `:`, `/`,
or `\\`.
In Windows driver letter appears in two situations:
a. `^[a-zA-Z]:` (A colon followed by `^[a-zA-Z]:` is OK as colon is
the separator in volume option)
b. A string in the format like `\\?\C:\Windows\...` (UNC).
Therefore, a driver letter can only follow either a `:` or `\\`
This PR removes the condition of `/` before the driver letter so
that options like `-v /tmp/q:/foo` could be handled correctly. A
couple of tests has also been added.
This PR fixes#20122.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 800a7d513d3b80478a7996cb2c357b72f65e0b09
Component: engine
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: cb9aeb0413ca75bb3af7fa723a1f2e6b2bdbcb0e
Component: engine
This allows users to provide a FQDN as hostname or to use distinct hostname and
domainname parts. Depends on https://github.com/docker/libnetwork/pull/950
Signed-off-by: Tim Hockin <thockin@google.com>
Upstream-commit: 53c5de29217f9633117cb01ada180d1133d76737
Component: engine
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: 6993e891d10c760d22e0ea3d455f13858cd0de46
Component: engine
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.
Closes#12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
Upstream-commit: 3f445e63b4568845f439c5d30a99ba10603b1938
Component: engine
also fix wrong function comment
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: d266142230bd041c8299eef329cf79a17f8f7478
Component: engine
Make sure the image configuration is not overriden by the default
value in the `create` flag.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: a252516ec19c9c83055a882da894712f2e812ecc
Component: engine
since it is an error if that address is unavailable.
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Upstream-commit: 7126ecd0ad1f6188540949cbdbca20f4a75d1839
Component: engine
Default is predefined network and is reserved, so we should stop user
from creating network with name `default`
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 31dae442c8a640694209c7451d6e9bf644aa2743
Component: engine
This brings in the container-local alias functionality for containers
connected to u ser-defined networks.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Upstream-commit: e221b8a3d64c13178e156fc3ece5e9894dac1603
Component: engine
It's like `MemorySwappiness`, the default value has specific
meaning (default false means enable oom kill).
We need to change it to pointer so we can update it after
container is created.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 9c2ea42329179c589f5a8991ccf0253eb10fc897)
Conflicts:
vendor/src/github.com/docker/engine-api/types/container/host_config.go
Upstream-commit: f4a687334b1d026c84809fd005e1a82225d1c86f
Component: engine
Merge was used by builder and daemon. With this commit, the builder
call has been inlined and the function moved to the daemon package,
which is the only other caller.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: eb4ae8e28aa0baf28d6cde1079a5f9c618d475b2
Component: engine
dockerfile.Config is almost redundant with ImageBuildOptions.
Unify the two so that the latter can be removed. This also
helps build's API endpoint code to be less dependent on package
dockerfile.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 5190794f1d85d5406611eb69c270df62ac1cdc7f
Component: engine
