Fixes in the Service Discovery areas
Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
Upstream-commit: e1953f1ca717c2609a0ee801c8af5b874d9fc3d2
Component: engine
Recent changes to devmapper broke the implicit requirement that UdevWait be
called after every call to task.setCookie. Failure to do so results in leaks of
semaphores in the LVM code, eventually leading to semaphore exhaustion.
Previously this was handled by calling UdevWait in a ubiquitous defer function.
While there was initially some concern with deferring the UdevWait function
would cause some amount of race possibiliy, the fact that we never return the
cookie value or any value used to find it, makes that possibility seem unlikely,
so lets go back to that method
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Upstream-commit: 23dcfec1404411489e23fb9b76fc7096db139d04
Component: engine
Doing a chown/chmod automatically can cause `EPERM` in some cases (e.g.
with an NFS mount). Currently Docker will always call chown+chmod on a
volume path unless `:nocopy` is passed in, but we don't need to make
these calls if the perms and ownership already match and potentially
avoid an uneccessary `EPERM`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: f05a023760493dbd41fbfc1bb76ad334b579e94e
Component: engine
Whitelisting adjtimex get time operation and requiring CAP_SYS_TIME only in case of adjustment
Upstream-commit: 4f259698b07653e9e5220e097df79862f9e54b74
Component: engine
otherwise if the user gets the info from the API, makes a non-CA related change,
then updates, swarm will interpret this as the user trying to remove the signing
key from the swarm. We are redacting due to usability reasons, not because
the signing cert is secret. The signing KEY is secret, hence it's redacted.
Signed-off-by: Ying Li <ying.li@docker.com>
Upstream-commit: bdfbd22afbbf16a07f0316656c6c17453df3e0f7
Component: engine
Description:
When docker is in startup process and containerd sends an "process exit" event to docker.
If the container config '--restart=always', restartmanager will start this container very soon.
But some initialization is not done, e.g. `daemon.netController`,when visit, docker would panic.
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
Upstream-commit: 5b0993d6c778c18735692560538c790faa3dbbb4
Component: engine
They have been moved to github.com/docker/cli.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b5579a4ce33af4c1f67118e11b5a01008a36d26a
Component: engine
Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.
Signed-off-by: David Sheets <dsheets@docker.com>
Upstream-commit: 7da3986297e04b419ce08b19766633dba36b7d30
Component: engine
Fix#33052 (workaround style)
**- What I did**
HNS reports networks that don't have anything to do with the Daemon, and
for which no networking plugin is available. This make the Daemon start
sequence pause for 15 secs, as the plugin resolving logic has a wait &
retry logic
**- How I did it**
Just after retrieving the HNS networks, I filter out those with type
`Private`
**- How to verify it**
Replace dockerd coming with Docker for Windows from one built from this
PR. Windows containers daemon should now launch pretty quickly
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Upstream-commit: b91fd26bb57c94a7ea7f77e5e548233506b78d21
Component: engine
Moby and Docker are separate projects, so
don't assign docker milestones to pull requests
in this repository.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: e481509c746bb53c93b11c349f42ed2549ab728c
Component: engine
This patch simplifies the test by;
- re-using the registry-mock / handler
- skipping the last `docker build`, which was only
used to make sure a local image was present. Instead,
the daemon is started with a `busybox` image loaded.
Also added a comment, explaining why the mock always
returns a 404 (hence, error/output-string should not
be checked in the test), and made the mock return a
valid/correctly formatted error response.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5d04fe73bf9fa7cff1b99206f39536aed807efb3
Component: engine
The `makefile()` utility was used to create a temporary Dockerfile, and after
tests completed, this file was deleted.
However, the _build_ used the current path (`/usr/local/bin/docker`) as
build-context. As a result, roughtly 20 MB was sent as build-context for each
build, but none of the builds actually required a build-context.
This patch;
- creates a temp-dir for the test, which can be used as build-context
- changes the `makefile()` utility and removes the `cleanup` functionality
- instead, the `temp-dir` is removed after the test finishes (which also removes the temporary `Dockerfile`)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ebe66b1d0f52dc58a98a428d4efa4d2f2743b96e
Component: engine
