The execdriver pipes setup uses OS pipes with fds so that they can be
chown'ed to the remapped root user for proper access. Recent flakiness
in certain short-lived tests (usually via the "exec" path) reveals that
the copy routines are not completing before exit/tear-down.
This fix adds synchronization and proper closure such that these
routines exit successfully.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 995386735c2fe47ebb144f95adbc8eb1341ac48b
Component: engine
Since Docker is already skipping newlines in /etc/sub{uid,gid},
this patch skips commented out lines - otherwise Docker fails to start.
Add unit test also.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: bf04d68db2b808a40fa24ac2bfa86c8af22d5f11
Component: engine
Adds a benchmark to measure performance under concurrent actions.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 55c91f2ab9bcd48cfa248a4e842bb78257c14134
Component: engine
This will allow us to have a windows-to-linux CI, where the linux host
can be anywhere, connecting with TLS.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: f4a1e3db998816e5fcb0df56c29519c488890464
Component: engine
We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.
```
Delegate=
Turns on delegation of further resource control partitioning to
processes of the unit. For unprivileged services (i.e. those
using the User= setting), this allows processes to create a
subhierarchy beneath its control group path. For privileged
services and scopes, this ensures the processes will have all
control group controllers enabled.
```
This is the proper fix for issue #20152
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d16737f971092767c1b9d28302a3f5aedbe2f576
Component: engine
Instead of using a process expansion to feed the right arguments to
docker to run on "mh-keystore", just moves up the next step which makes
"mh-keystore" the default target. This makes the guide a bit shorter and
easier to understand.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Upstream-commit: db5ded0dfc28c71276acf8500fabe3c64c15fbe1
Component: engine
Because devices will be bind-mounted instead of using `mknod`, we need
to make sure the source exists and filter the list by only those whose
source is a valid path/current device entry.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 9a554e8c37d522ed791b3bb55f9ba9f21e2ac76a
Component: engine
Attempt layer mounts from up to 3 source repositories, possibly
falling back to a standard blob upload for cross repository pushes.
Addresses compatiblity issues with token servers which do not grant
multiple repository scopes, resulting in an authentication failure for
layer mounts, which would otherwise cause the push to terminate with an
error.
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 1d3480f9ba3525309030497d5c8a3dd5725ed15a
Component: engine
In cases where the a plugin responds with both a null or empty volume
and a null or empty Err, the daemon would panic.
This is because we assumed the idiom if `err` is nil, then `v` must not
be but in reality the plugin may return whatever it wants and we want to
make sure it doesn't harm the daemon.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 96c79a1934dd52d2a6f648e519b5d4ac60ac8ca1
Component: engine
