p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b229e5ca88efb52073c7063142328c47f3f32ffb
docker-cli/components/engine/daemon
History
Aleksa Sarai 77fe26d1a3 daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon 
When runc is bind-mounting a particular path "with options", it has to
do so by first creating a bind-mount and the modifying the options of
said bind-mount via remount. However, in a user namespace, there are
restrictions on which flags you can change with a remount (due to
CL_UNPRIVILEGED being set in this instance). Docker historically has
ignored this, and as a result, internal Docker mounts (such as secrets)
haven't worked with --userns-remap. Fix this by preserving
CL_UNPRIVILEGED mount flags when Docker is spawning containers with user
namespaces enabled.

Ref: https://github.com/opencontainers/runc/pull/1603
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: c0f883fdeeb2480970fb48fbcbc2a842aa5a90e8
Component: engine
2017-10-16 02:52:56 +11:00
..
caps
cluster
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
config
Merge pull request #34821 from thaJeztah/remove-enable-api-cors
2017-09-13 20:10:27 -07:00
discovery
Add ineffassign linter
2017-09-08 18:23:21 -04:00
events
Merge pull request #34985 from thaJeztah/remove-use-of-deprecated-filter-functions
2017-09-27 17:34:07 +02:00
exec
Add gosimple linter
2017-09-12 12:09:59 -04:00
graphdriver
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
initlayer
LCOW: Implemented support for docker cp + build
2017-09-14 12:07:52 -07:00
links
use t.Fatal() to output the err message where the values used for formatting
2017-02-23 10:16:22 +08:00
listeners
Add unconvert linter
2017-08-24 15:08:31 -04:00
logger
Merge pull request #34758 from ghislainbourgeois/33495-add-tcp-to-gelf-log-driver
2017-10-10 10:26:01 -04:00
names
Move names to a more appropriate package.
2017-09-06 12:05:16 -04:00
network
Updating moby to correspond to naming convention used in https://github.com/docker/swarmkit/pull/2385
2017-09-26 22:08:10 +00:00
stats
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
testdata
Remove libtrust dep from api
2017-09-06 12:05:19 -04:00
apparmor_default_unsupported.go
apparmor_default.go
apparmor: make pkg/aaparser work on read-only root
2017-05-18 00:05:13 +10:00
archive_tarcopyoptions_unix.go
Fix vfs unit test and port VFS to the new IDMappings
2017-06-07 11:44:34 -04:00
archive_tarcopyoptions_windows.go
daemon/archive.go: Fix copy routines to preserve UID.
2017-04-12 10:33:19 +00:00
archive_tarcopyoptions.go
Partial refactor of UID/GID usage to use a unified struct.
2017-06-07 11:44:33 -04:00
archive_unix.go
LCOW: API change JSON header to string POST parameter
2017-10-06 15:26:48 -07:00
archive_windows.go
Remove CopyOnBuild from the daemon.
2017-06-08 15:06:54 -04:00
archive.go
LCOW: Implemented support for docker cp + build
2017-09-14 12:07:52 -07:00
attach.go
Optimize some wrong usage and spelling
2017-09-07 09:44:08 +08:00
auth.go
bindmount_solaris.go
bindmount_unix.go
build.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
cache.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
changes.go
checkpoint.go
Move names to a more appropriate package.
2017-09-06 12:05:16 -04:00
cluster.go
Fix race condition between swarm and libnetwork
2017-05-10 21:16:52 -07:00
commit.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
configs_linux.go
Add config support to executor backend
2017-05-11 10:08:21 -07:00
configs_unsupported.go
Add Windows configs support
2017-05-16 14:25:32 -07:00
configs_windows.go
Add Windows configs support
2017-05-16 14:25:32 -07:00
configs.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
container_linux.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
container_operations_solaris.go
Include Endpoint List for Shared Endpoints
2017-07-06 12:19:17 -07:00
container_operations_unix.go
Relabel config files.
2017-09-05 18:39:48 -03:00
container_operations_windows.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
container_operations.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
container_windows.go
Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.
2017-01-30 16:23:23 +01:00
container.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
create_unix.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
create_windows.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
create.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
daemon_experimental.go
daemon_linux_test.go
use t.Fatal() to output the err message where the values used for formatting
2017-02-23 10:16:22 +08:00
daemon_linux.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
daemon_solaris.go
LCOW: Implemented support for docker cp + build
2017-09-14 12:07:52 -07:00
daemon_test.go
Store container names in memdb
2017-07-13 12:35:00 -07:00
daemon_unix_test.go
Add ineffassign linter
2017-09-08 18:23:21 -04:00
daemon_unix.go
Don't abort when setting may_detach_mounts
2017-10-11 14:54:24 -04:00
daemon_unsupported.go
daemon_windows_test.go
Ensure Host Network Service exists
2017-09-25 11:07:44 -07:00
daemon_windows.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
daemon.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
debugtrap_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
debugtrap_unsupported.go
debugtrap_windows.go
Use event functions from golang.org/x/sys/windows
2017-08-21 12:58:09 +02:00
delete_test.go
Move ErrorContains to an internal package.
2017-08-25 12:04:58 -04:00
delete.go
Merge pull request #34960 from sterchelen/34953-Prune-Volume-lack-event-entry
2017-10-12 09:24:26 -07:00
dependency.go
Add config support to executor backend
2017-05-11 10:08:21 -07:00
disk_usage.go
Fix variable shadowing causing LayersSize to be reported as 0
2017-09-12 14:11:11 -03:00
errors.go
Fix conflicting container name producint 400 error instead of 409
2017-10-04 20:39:45 +02:00
events_test.go
LCOW: Remove CommonContainer - just Container
2017-06-20 08:55:46 -07:00
events.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
exec_linux.go
daemon: also ensureDefaultApparmorProfile in exec path
2017-03-13 15:20:05 +11:00
exec_solaris.go
exec_windows.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
exec.go
Add interfacer linter
2017-08-24 15:08:26 -04:00
export.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
getsize_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
health_test.go
Move checkpointing to the Container object
2017-06-23 07:52:32 -07:00
health.go
Add deadcode linter
2017-08-21 18:18:50 -04:00
image_delete.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
image_exporter.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_history.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_inspect.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_pull.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_push.go
Move to a single tag-store
2017-08-18 17:09:27 -07:00
image_tag.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
image.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
images.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
import.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
info_unix_test.go
Refactor "init" version parsing, and add unit-test
2017-04-08 11:28:37 +02:00
info_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
info_windows.go
info.go
Add unconvert linter
2017-08-24 15:08:31 -04:00
inspect_solaris.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect_unix.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect_windows.go
Move platform specific mount data to Container
2017-06-23 07:22:47 -07:00
inspect.go
Fix downlevel regression
2017-10-09 13:47:28 -07:00
keys_unsupported.go
keys.go
kill.go
Optimize some wrong usage and spelling
2017-09-07 09:44:08 +08:00
links.go
Remove links when remove container
2017-07-18 12:09:26 +08:00
list_unix.go
stop grabbing container locks during ps
2017-06-23 07:52:31 -07:00
list_windows.go
stop grabbing container locks during ps
2017-06-23 07:52:31 -07:00
list.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
logdrivers_linux.go
logdrivers_windows.go
logs_test.go
logs.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
metrics_unix.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
metrics_unsupported.go
Add support for metrics plugins
2017-05-12 00:30:09 -04:00
metrics.go
Add gosimple linter
2017-09-12 12:09:59 -04:00
monitor_linux.go
monitor_solaris.go
monitor_windows.go
Update Windows and LCOW to use v1.0.0 runtime-spec
2017-08-21 15:19:31 -07:00
monitor.go
Fix golint errors.
2017-08-18 14:23:44 -04:00
mounts.go
Fix issue backporting mount spec to pre-1.13 obj
2017-05-11 12:31:53 -04:00
names.go
Fix conflicting container name producint 400 error instead of 409
2017-10-04 20:39:45 +02:00
network.go
Fix network name masking network ID on delete
2017-10-11 21:57:05 +02:00
oci_linux.go
daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon
2017-10-16 02:52:56 +11:00
oci_solaris.go
LCOW: Implemented support for docker cp + build
2017-09-14 12:07:52 -07:00
oci_windows.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
pause.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
prune.go
Merge pull request #34960 from sterchelen/34953-Prune-Volume-lack-event-entry
2017-10-12 09:24:26 -07:00
reload_test.go
Merge pull request #34495 from ripcurld0/registry_mirror_json
2017-09-18 21:59:14 -07:00
reload.go
Implement none, private, and shareable ipc modes
2017-08-14 10:50:39 +03:00
rename.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
resize.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
restart.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
search_test.go
search.go
Replace uses of filters.ToParam(), FromParam() with filters.ToJSON(), FromJSON()
2017-09-26 13:59:45 +02:00
seccomp_disabled.go
seccomp_linux.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
seccomp_unsupported.go
secrets_linux.go
secrets_unsupported.go
Add Windows secrets support
2017-05-16 11:30:06 -07:00
secrets_windows.go
Add Windows secrets support
2017-05-16 11:30:06 -07:00
secrets.go
Update logrus to v1.0.1
2017-07-31 13:16:46 -07:00
selinux_linux.go
Switch to using opencontainers/selinux for selinux bindings
2017-04-24 21:29:47 +02:00
selinux_unsupported.go
start_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
start_windows.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
start.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
stats_collector.go
stats_unix.go
Remove string checking in API error handling
2017-08-15 16:01:11 -04:00
stats_windows.go
stats.go
Send "Name" and "ID" when stating stopped containers
2017-02-09 09:46:59 +08:00
stop.go
Optimize some wrong usage and spelling
2017-09-07 09:44:08 +08:00
top_unix_test.go
Fixing issue of docker top command failure when dealing with -m option
2017-03-10 02:50:21 +00:00
top_unix.go
Add gosimple linter
2017-09-12 12:09:59 -04:00
top_windows.go
trustkey_test.go
Remove libtrust dep from api
2017-09-06 12:05:19 -04:00
trustkey.go
Remove libtrust dep from api
2017-09-06 12:05:19 -04:00
unpause.go
update_linux.go
Add --cpus support for docker update
2017-04-06 15:40:12 -07:00
update_solaris.go
update_windows.go
update.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
volumes_unit_test.go
Volume refactoring for LCOW
2017-09-14 12:33:31 -07:00
volumes_unix_test.go
Spelling fixes
2017-07-03 13:13:09 -07:00
volumes_unix.go
avoid saving container state to disk before daemon.Register
2017-06-23 07:52:34 -07:00
volumes_windows.go
Partial refactor of UID/GID usage to use a unified struct.
2017-06-07 11:44:33 -04:00
volumes.go
LCOW: API: Add platform to /images/create and /build
2017-10-06 11:44:18 -07:00
wait.go
Update ContainerWait API
2017-05-16 15:11:39 -07:00
workdir.go
Remove error return from RootPair
2017-06-07 11:45:33 -04:00