This patch creates a new `tlsconfig` package to handle creation of
secure-enough TLS configurations for clients and servers.
The package was created by refactoring TLS code in the client and the
daemon. After this patch, it is expected that all code creating TLS
configurations use this `tlsconfig` package for greater security,
consistency and readability.
On the server side, this fixes a bug where --tlsverify was not taken
into account. Now, if specified, it will require the client to
authenticate.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: bfed4b7cc3820ee3a74580aca55d5918bf05eef5
Component: engine
Previous versions of libcontainer allowed CpuShares that were greater
than the maximum or less than the minimum supported by the kernel, and
relied on the kernel to do the right thing. Newer libcontainer fails
after creating the container if the requested CpuShares is different
from what was actually created by the kernel, which breaks compatibility
with earlier Docker Remote API versions. This change explicitly adjusts
the requested CpuShares in API versions < 1.20.
Signed-off-by: Samuel Karp <skarp@amazon.com>
Upstream-commit: ed39fbeb2ad3959f37cf6c16aaf30aacb3292817
Component: engine
Also noticed potential hang when only stdout or stderr are used with
follow=1
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 0c84604f5458bc38b793e5bcdf86624eef3e3184
Component: engine
Fixes#13107. This change enables Go duration strings
computed relative to the client machine’s time to be used
as input parameters to `docker events --since/--until`
and `docker logs --since` arguments.
Added unit tests for pkg/timeutils.GetTimestamp as well.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: 4e3b21f99e7fb7fac0075be2e7190d5f07c9ee66
Component: engine
Change CLI error msg because it was too specific and didn't make sense
when there were errors not related to inaccessible files.
Removed some log.Error() calls since they're not really errors we should
log. Returning the error will be enough.
Closes: #13417
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 82ea6ed2bc33ac1ec2ad2bd8d4a098031dd77095
Component: engine
Which is already done in writeJSON.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 94d604357ff9cf7a5fcc4d98ffe58f804adf0ae6
Component: engine
Continues 11858 by:
- Making sure the exit code is always zero when we ask for help
- Making sure the exit code isn't zero when we print help on error cases
- Making sure both short and long usage go to the same stream (stdout vs stderr)
- Making sure all docker commands support --help
- Test that all cmds send --help to stdout, exit code 0, show full usage, no blank lines at end
- Test that all cmds (that support it) show short usage on bad arg to stderr, no blank line at end
- Test that all cmds complain about a bad option, no blank line at end
- Test that docker (w/o subcmd) does the same stuff mentioned above properly
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 8324d7918b9c84c5f6508064801534dfd2155c90
Component: engine
Because I just used it somewhere else and it would be nice if I didn't have to copy and paste the code.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 0bfbc6e78823fc2f455b01a02721f17bcbcaecff
Component: engine
The DOCKER_EXPERIMENTAL environment variable drives the activation of
the 'experimental' build tag.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: ca6722f1c5e4e2017a71e33579d91ac0d9ea2a25
Component: engine
