The error message was changed from "unauthorized: access to the
requested resource is not authorized" to "unauthorized: authentication
required".
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 37e2103e640861b02a1ea0253df749a527a87e1b
Component: engine
I tagged the current commit so we have a better reference
of what's in this release.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 9e9c73a52893e658e391dfc44d4cea38fa6af980
Component: engine
I encountered silent errors ignoring when runc failed to parse pids.max
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 14e1325656257c9d96cd01c03e624c99cfc35d31
Component: engine
it's concurrent streams and should be synchronized before writing to response.
Otherwise there will be race in writing to *bufio.Writer in
net/http.response.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 3eb0a80f29629a1c022dc914437b176271d476fc
Component: engine
This adds a function for copying containerd and other binaries as well
as adding a hash for those files.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 78568f2eb54a6455dad566923f3c6f03ac300405
Component: engine
Instead of implementing refcounts at each graphdriver, implement this in
the layer package which is what the engine actually interacts with now.
This means interacting directly with the graphdriver is no longer
explicitly safe with regard to Get/Put calls being refcounted.
In addition, with the containerd, layers may still be mounted after
a daemon restart since we will no longer explicitly kill containers when
we shutdown or startup engine.
Because of this ref counts would need to be repopulated.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 563d0711f83952e561a0d7d5c48fef9810b4f010
Component: engine
Based on review feedback.
Signed-off-by: Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
Upstream-commit: 5a701c3e4cd63f0b17b4fe9ab13c8cbe0ea5d353
Component: engine
Pass upstream client's user agent through to registry on operations beyond pulls
Upstream-commit: 9f327b4c2805d3280e4e0ae6fe2d6522e8e753a7
Component: engine
Restores the correct parent chain relationship
between images on docker load if multiple images
have been saved.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: faeff5118f710f7c4f6173c309b52aaba24118c9
Component: engine
Now that the namespace sharing code via runc is vendored with the
containerd changes, we can disable the restrictions on container to
container net and IPC namespace sharing when the daemon has user
namespaces enabled.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 2b278f48460453691c63ad81b0c87b50d8b18979
Component: engine
Not sure if this is the right setup given the containerd change but I need
to have the built version of the nested exes (containerd, runc...) available
to me after the build is completed so I'm always testing using the latest
versions. This PR will copy them into the same bundles dir so people can
them use them if they wish w/o having to build each separately.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 1bf5eb20e53b7e242792fcbe399cb997b6a2ba4b
Component: engine
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: b0ac69b67ef79c6c937f84bee3df20a1924ad334
Component: engine
it was introduced with #20566 as a result of merge
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 93f57705110e196dca1cf2b2ce7d261ee97b9e4e
Component: engine
