p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
87c07240764e3355de6baff4074ebc36a5ca8efc
docker-cli/components/engine/daemon
History
Aleksa Sarai 87c0724076 devicemapper: remove container rootfs mountPath after umount 
libdm currently has a fairly substantial DoS bug that makes certain
operations fail on a libdm device if the device has active references
through mountpoints. This is a significant problem with the advent of
mount namespaces and MS_PRIVATE, and can cause certain --volume mounts
to cause libdm to no longer be able to remove containers:

  % docker run -d --name testA busybox top
  % docker run -d --name testB -v /var/lib/docker:/docker busybox top
  % docker rm -f testA
  [fails on libdm with dm_task_run errors.]

This also solves the problem of unprivileged users being able to DoS
docker by using unprivileged mount namespaces to preseve mounts that
Docker has dropped.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 92e45b81e0a8b68d9567a2068247460a1ba59600
Component: engine
2017-09-06 20:11:01 +10:00
..
caps
cluster
Add unconvert linter
2017-08-24 15:08:31 -04:00
config
Fix bad import graph from opts/opts.go
2017-08-29 15:32:43 -04:00
discovery
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
events
make engine support cluster config event
2017-07-11 17:21:15 +08:00
exec
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
graphdriver
devicemapper: remove container rootfs mountPath after umount
2017-09-06 20:11:01 +10:00
initlayer
[project] change syscall to /x/sys/unix|windows
2017-07-11 08:00:32 -04:00
links
use t.Fatal() to output the err message where the values used for formatting
2017-02-23 10:16:22 +08:00
listeners
Add unconvert linter
2017-08-24 15:08:31 -04:00
logger
Merge pull request #31727 from sascha-andres/31726-le-lion-only
2017-08-22 14:59:28 +02:00
network
stats
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
apparmor_default_unsupported.go
daemon: switch to 'ensure' workflow for AppArmor profiles
2016-12-07 08:47:28 +11:00
apparmor_default.go
apparmor: make pkg/aaparser work on read-only root
2017-05-18 00:05:13 +10:00
archive_tarcopyoptions_unix.go
Fix vfs unit test and port VFS to the new IDMappings
2017-06-07 11:44:34 -04:00
archive_tarcopyoptions_windows.go
daemon/archive.go: Fix copy routines to preserve UID.
2017-04-12 10:33:19 +00:00
archive_tarcopyoptions.go
Partial refactor of UID/GID usage to use a unified struct.
2017-06-07 11:44:33 -04:00
archive_unix.go
Remove CopyOnBuild from the daemon.
2017-06-08 15:06:54 -04:00
archive_windows.go
Remove CopyOnBuild from the daemon.
2017-06-08 15:06:54 -04:00
archive.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
attach.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
auth.go
bindmount_solaris.go
bindmount_unix.go
build.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
cache.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
changes.go
checkpoint.go
Fix checkpoint ls
2017-05-18 10:57:10 +08:00
cluster.go
Fix race condition between swarm and libnetwork
2017-05-10 21:16:52 -07:00
commit.go
LCOW: Rework after 33454 merged which refactored daemon/builder interface
2017-06-20 19:50:13 -07:00
configs_linux.go
Add config support to executor backend
2017-05-11 10:08:21 -07:00
configs_unsupported.go
Add Windows configs support
2017-05-16 14:25:32 -07:00
configs_windows.go
Add Windows configs support
2017-05-16 14:25:32 -07:00
configs.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
container_linux.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
container_operations_solaris.go
Include Endpoint List for Shared Endpoints
2017-07-06 12:19:17 -07:00
container_operations_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
container_operations_windows.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
container_operations.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
container_windows.go
Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.
2017-01-30 16:23:23 +01:00
container.go
LCOW: WORKDIR correct handling
2017-08-17 15:29:17 -07:00
create_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
create_windows.go
LCOW: Force to be Hyper-V Isolation
2017-08-09 09:26:51 -07:00
create.go
LCOW: WORKDIR correct handling
2017-08-17 15:29:17 -07:00
daemon_experimental.go
daemon_linux_test.go
use t.Fatal() to output the err message where the values used for formatting
2017-02-23 10:16:22 +08:00
daemon_linux.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
daemon_solaris.go
Merge pull request #34356 from mlaventure/update-containerd
2017-08-24 14:25:44 -07:00
daemon_test.go
Store container names in memdb
2017-07-13 12:35:00 -07:00
daemon_unix_test.go
Use ID rather than Name to identify a container when sharing namespace
2017-08-25 01:55:50 +08:00
daemon_unix.go
Merge pull request #34352 from ChenMin46/fix_rename_shared_namespace
2017-08-25 09:39:58 -07:00
daemon_unsupported.go
daemon_windows.go
Add deadcode linter
2017-08-21 18:18:50 -04:00
daemon.go
Fix bad import graph from opts/opts.go
2017-08-29 15:32:43 -04:00
debugtrap_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
debugtrap_unsupported.go
debugtrap_windows.go
Use event functions from golang.org/x/sys/windows
2017-08-21 12:58:09 +02:00
delete_test.go
Move ErrorContains to an internal package.
2017-08-25 12:04:58 -04:00
delete.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
dependency.go
Add config support to executor backend
2017-05-11 10:08:21 -07:00
disk_usage.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
errors.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
events_test.go
LCOW: Remove CommonContainer - just Container
2017-06-20 08:55:46 -07:00
events.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
exec_linux.go
daemon: also ensureDefaultApparmorProfile in exec path
2017-03-13 15:20:05 +11:00
exec_solaris.go
exec_windows.go
LCOW: pass command arguments without extra quoting
2017-06-24 10:23:17 -07:00
exec.go
Add interfacer linter
2017-08-24 15:08:26 -04:00
export.go
LCOW: Don't block export
2017-08-08 12:54:06 -07:00
getsize_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
health_test.go
Move checkpointing to the Container object
2017-06-23 07:52:32 -07:00
health.go
Add deadcode linter
2017-08-21 18:18:50 -04:00
image_delete.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_exporter.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_history.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_inspect.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_pull.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_push.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_tag.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
images.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
import.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
info_unix_test.go
Refactor "init" version parsing, and add unit-test
2017-04-08 11:28:37 +02:00
info_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
info_windows.go
info.go
Add unconvert linter
2017-08-24 15:08:31 -04:00
inspect_solaris.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect_unix.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect_windows.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
keys_unsupported.go
change minor mistake of spelling
2016-12-20 21:05:19 +08:00
keys.go
kill.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
links.go
Remove links when remove container
2017-07-18 12:09:26 +08:00
list_unix.go
stop grabbing container locks during ps
2017-06-23 07:52:31 -07:00
list_windows.go
stop grabbing container locks during ps
2017-06-23 07:52:31 -07:00
list.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
logdrivers_linux.go
logdrivers_windows.go
logs_test.go
logs.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
metrics_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
metrics_unsupported.go
Add support for metrics plugins
2017-05-12 00:30:09 -04:00
metrics.go
Add deadcode linter
2017-08-21 18:18:50 -04:00
monitor_linux.go
monitor_solaris.go
monitor_windows.go
Update Windows and LCOW to use v1.0.0 runtime-spec
2017-08-21 15:19:31 -07:00
monitor.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
mounts.go
Fix issue backporting mount spec to pre-1.13 obj
2017-05-11 12:31:53 -04:00
names.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
network.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
oci_linux.go
Merge pull request #34625 from dnephin/more-linters
2017-09-01 08:46:08 -07:00
oci_solaris.go
Remove error return from RootPair
2017-06-07 11:45:33 -04:00
oci_windows.go
Update Windows and LCOW to use v1.0.0 runtime-spec
2017-08-21 15:19:31 -07:00
pause.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
prune.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
reload_test.go
Add daemon option to push foreign layers
2017-05-16 14:36:36 -07:00
reload.go
Implement none, private, and shareable ipc modes
2017-08-14 10:50:39 +03:00
rename.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
resize.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
restart.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
search_test.go
Remove redundant format
2016-12-27 21:46:52 +08:00
search.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
seccomp_disabled.go
seccomp_linux.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
seccomp_unsupported.go
secrets_linux.go
secrets_unsupported.go
Add Windows secrets support
2017-05-16 11:30:06 -07:00
secrets_windows.go
Add Windows secrets support
2017-05-16 11:30:06 -07:00
secrets.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
selinux_linux.go
Switch to using opencontainers/selinux for selinux bindings
2017-04-24 21:29:47 +02:00
selinux_unsupported.go
start_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
start_windows.go
Update Windows and LCOW to use v1.0.0 runtime-spec
2017-08-21 15:19:31 -07:00
start.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
stats_collector.go
Extract daemon statsCollector to its own package
2017-01-04 18:18:30 +01:00
stats_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
stats_windows.go
stats.go
Send "Name" and "ID" when stating stopped containers
2017-02-09 09:46:59 +08:00
stop.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
top_unix_test.go
Fixing issue of docker top command failure when dealing with -m option
2017-03-10 02:50:21 +00:00
top_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
top_windows.go
Convert ContainerTopOKResponse from swagger spec.
2017-01-03 11:47:47 -05:00
unpause.go
update_linux.go
Add --cpus support for docker update
2017-04-06 15:40:12 -07:00
update_solaris.go
update_windows.go
update.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
volumes_unit_test.go
volumes_unix_test.go
Spelling fixes
2017-07-03 13:13:09 -07:00
volumes_unix.go
avoid saving container state to disk before daemon.Register
2017-06-23 07:52:34 -07:00
volumes_windows.go
Partial refactor of UID/GID usage to use a unified struct.
2017-06-07 11:44:33 -04:00
volumes.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
wait.go
Update ContainerWait API
2017-05-16 15:11:39 -07:00
workdir.go
Remove error return from RootPair
2017-06-07 11:45:33 -04:00