This fix tries to address the issue raised in 24538
where the error message is unclear when removing pre-defined networks:
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = 4vlxuzpk8bxdsxpyvkxluol5g is a pre-defined network and cannot be removed
```
This fix improve the error message so that if network's name is specified
in the `RemoveNetwork`, then error message will contain the name and the ID
(instead of just an ID):
```
docker network rm ingress
Error response from daemon: rpc error: code = 7 desc = ingress (4vlxuzpk8bxdsxpyvkxluol5g) is a pre-defined network and cannot be removed
```
An integration test has been added to cover the changes.
This fix fixes 24538.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: de4871165b43ec813940858a1c96ab6bb1fbd776
Component: engine
The daemon is in a separate (dockerd) binary
since docker 1.12, so should no longer be
used.
This marks the command as deprecated, and
adds it to the deprecated features list.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: bf58dd82c31bb3a71916eec743d0560e360c6e08
Component: engine
TestBuildApiDockerFileRemote has been consistently failing (EPERM) on the host
with #26618, which prohibits /sys/firmware from being accessed using apparmor.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: f453261b4a53ab71db8b78ea119b4edd69b95ae3
Component: engine
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ee3ac3aa66bfb27b7c21dfb253fdaa113baedd4e
Component: engine
Test is testing that a user can disconnect from the default network
before it is started (#26220).
This test does not need to use `--rm`, which is never aken into account
since the container is never started.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: f05ed0075893bb907b5cc2612d9193d775134e2d
Component: engine
This fix tries to address the issue raised in 26453 where bad syntax
on dockerfile is not checked before building, thus user has to wait
before seeing error in dockerfile.
This fix fixes the issue by evaluating all the instructions and check
syntax before dockerfile is invoked actually.
All existing tests pass.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c8dc2b156a079ce03db8f579094b9643632661a8
Component: engine
The swarm scope network connected containers with autostart enabled
there was a dependency problem with the cluster to be initialized before
we can autostart them. With the current container restart code happening
before cluster init, these containers were not getting autostarted
properly. Added a fix to delay the container start of those containers
which has atleast one swarm scope endpoint to until after the cluster is
initialized.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Upstream-commit: c9fb551d60584ac4ad01561e2f56b7b7cc9483b9
Component: engine
`Mounts` allows users to specify in a much safer way the volumes they
want to use in the container.
This replaces `Binds` and `Volumes`, which both still exist, but
`Mounts` and `Binds`/`Volumes` are exclussive.
The CLI will continue to use `Binds` and `Volumes` due to concerns with
parsing the volume specs on the client side and cross-platform support
(for now).
The new API follows exactly the services mount API.
Example usage of `Mounts`:
```
$ curl -XPOST localhost:2375/containers/create -d '{
"Image": "alpine:latest",
"HostConfig": {
"Mounts": [{
"Type": "Volume",
"Target": "/foo"
},{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Target": "/var/run/docker.sock",
},{
"Type": "volume",
"Name": "important_data",
"Target": "/var/data",
"ReadOnly": true,
"VolumeOptions": {
"DriverConfig": {
Name: "awesomeStorage",
Options: {"size": "10m"},
Labels: {"some":"label"}
}
}]
}
}'
```
There are currently 2 types of mounts:
- **bind**: Paths on the host that get mounted into the
container. Paths must exist prior to creating the container.
- **volume**: Volumes that persist after the
container is removed.
Not all fields are available in each type, and validation is done to
ensure these fields aren't mixed up between types.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: fc7b904dced4d18d49c8a6c47ae3f415d16d0c43
Component: engine
A test failed expecting 200, but received -1, which is an err rc,
not an HTTP status code, so move these checks up.
Also log the output an not just check for a nil err.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Upstream-commit: 3dea5dbb9acb2699569c5aaf3737d58793152b3c
Component: engine
When the `-t` flag is passed on exec make sure to add the TERM env var
to mirror the expected configuration from run.
Fixes#9299
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 4633f15f13d51530de2438c298a1084c55e4fedf
Component: engine
The restriction is no longer necessary given changes at the runc layer
related to mount options of the rootfs. Also cleaned up the docs on
restrictions left for userns enabled mode. Re-enabled tests related to
--read-only when testing a userns-enabled daemon in integration-cli.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 6062ae5742e49ec1a79073c327f3d1343c218a12
Component: engine
