security-opts will allow you to customise the security subsystem.
For example the labeling system like SELinux will run on a container.
--security-opt="label:user:USER" : Set the label user for the container
--security-opt="label:role:ROLE" : Set the label role for the container
--security-opt="label:type:TYPE" : Set the label type for the container
--security-opt="label:level:LEVEL" : Set the label level for the container
--security-opt="label:disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Depracated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 87e732a0f3503517d7a66804bb9a7f74977347e5
Component: engine
This also removes dead code in the native driver for a past feature that
was never fully implemented.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 32dca1a7b0e800d796e54fc8f253818ba64fa075
Component: engine
Changes summary:
* Added available USE flags table(description included).
* Added some tips regarding the use of docker in the Gentoo environment.
* Sorted out docker installation ways.
* Added information about the newly created Gentoo Docker team.
* Misc improvements
Signed-off-by: Pavlos Ratis <dastergon@gentoo.org>
Upstream-commit: f90d201d887028e21290a413046eb1af7fc8e609
Component: engine
This new version makes sure that the same context is used for the two
builds run in the test. If you don't use the same build then about 1/2 the
time the file copied into the container will look like a different file,
probably due to timestamp differences. But reusing the same context we
re-use the same file on disk and therefore avoid the change in timestamps,
and we use the cache on the 2nd build.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8b3fbac15c0579c1372f3e13f607c1001d149d16
Component: engine
Move the body of go_compile_test_dir into a file since GNU Parallel breaks on sourcing exported Bash functions thanks to the shellshock fixes
Upstream-commit: 27c5269b4ee1b77011974a1d1e1776f0b8e00648
Component: engine
Since RemoveLocalDns patch will remove all localhost entries
from resolv.conf we no longer need anything more then
!bytes.Contains(resolvConf, []byte("nameserver")
To check for no nameserver entry in dns config.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: a297d6ab8c08a13503fd004ec1ad7ee9e23bd22a
Component: engine
We have a bug report complaining about docker dumping the contents of the
hosts resolv.conf if it container 127.0.0.1. They asked that instead
of dropping the file altogether, that we just remove the line.
This patch removes the 127.0.0.1 lines, if they exist and then
checks if any nameserver lines exist.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 65640994fda8e1667de3642d8f4daf76dd3de302
Component: engine
When user passes an invalid tag to `docker build`
(i.e. `docker build -t abcd:A0123456789B0123456789C0123456789 .`), check the
tag first and terminate-early so user can specify the tag again
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 8833d800bf622dcb6a66da0fe4c7a61a1620b62c
Component: engine
Closes#7941
Treat a null in JSON, when reading the config of a container, as if the
property was never included. W/o this fix the null would be saved in the
property as a string with a value of "null".
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: a7cd25b8b69fe23c6458f5242dcd9f9039c99f48
Component: engine
volumes.Get was not checking for symlinked paths meanwhile when adding a
new volume it was following the symlink.
So when trying to use a bind-mount that is a symlink, the volume is
added with the correct path, but when another container tries to use the
same volume it got a "Volume exists" error because volumes.Get returned
nil and as such attempted to create a new volume.
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 882223c0f8a55c2011277aba08f1487a2930c075
Component: engine
When doing `docker start -a` on a container that won't start, terminal
was getting stuck on the attach, even after container removal.
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 9ae9d7db574083ce6233b33e8b0bbefb219d7fe6
Component: engine
docker-exec.md needs to be renamed in order to build man page.
Should be docker-exec.1.md
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 0a8fb80d99e41f2d8d05f593fd77018e26f4ee2c
Component: engine
When read is called on a tarsum with a two different read sizes, specifically the second call larger than the first, the dynamic buffer does not get reallocated causing a slice read error.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5cdf7f507771e159ddd335f3757cd33f7ba4e426
Component: engine
Currently, the HostConfig is only passed from the CLI to Docker only
when issuing a docker create, but not when doing a docker run.
In the near future, in order to allocate ports at creation time rather
than start time, we will need to have the HostConfig readily available
at container creation.
This PR makes the client always pass the HostConfig when creating a
container (regardless of whether it's for a run or create).
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: 1df87b95066198c30312147393c18e0be0564fd0
Component: engine
hack: TIMEOUT (for controlling test timeout) and forwarding of BUILDFLAGS to binary/dynbinary.
Upstream-commit: 993033d67ad5d2d9d4981708d7388694c3ecc8af
Component: engine
