This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 3996975b0840033bda3919440d122d734a4bc66b
Component: engine
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes#24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Upstream-commit: dab287819a21ef8755d2f1b578ebeea33eb4e784
Component: engine
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 0682468431867e3382a759402eb92df5877e310b
Component: engine
Add a proxy to support 'docker daemon'
Fix configFile option, and remove a test that is no longer relevant.
Remove daemon build tag.
Remove DOCKER_CLIENTONLY from build scripts.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Change docker-daemon to dockerd.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 9e7651db4d464649bc32cf346fdee8c6900ebe0f
Component: engine
These are the changes required due to the new binaries that containerd introduced.
The rpm, and deb packages now include 5 binaries.
docker, containerd, containerd-shim, ctr, and runc
The tar files also include all 5 binaries.
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
Upstream-commit: bb66d7144f7d0a617f5985486ae36bbbaa5461ba
Component: engine
Most of them were found and fixed by codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Upstream-commit: 2eee613326fb59fd168849618d14a9054a40f9f5
Component: engine
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 4357ed4a7363a1032edf93cf03232953c805184f
Component: engine
Without section/priority, reprepro will reject the packages. Add
sections following the Debian docker.io packages
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Upstream-commit: 8d2a423d8716aafc4bd5d05eeceec87dae27202b
Component: engine
Add a flag to allow keeping bundles around (helps with CI)
Fix several problems in repo make targets
* quote DOCKER_EXPERIMENTAL variable
* pass-through arguments for gpg provided to dpkg-sig are now quoted
properly, so passphrases with shell-interpolated symbols can be used
* when determining deb suites, don't rely on 'origin' to be
github.com/docker/docker
Fix some issues with deb repository creation from scratch
* Don't add empty components to the repository configuration as they
will cause failure when generating.
Add old docker-engine-cs name to package conflicts
Signed-off-by: Mike Dougherty <mike.dougherty@docker.com>
Upstream-commit: a15b67b1affb2eac5365614e55703f43b6f73e9b
Component: engine
This adds the Fish completions to the .deb package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 6b1a643ac8bf599d04510b26d6d5befefc30ccde
Component: engine
Wraps the engine itself with an AppArmor policy.
This restricts what may be done by applications
we call out to, such as 'xz'.
Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.
Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 39dae54a3f40035b1b7e5ca86c53d05dec832ed2
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
Adding in other areas per comments
Updating with comments; equalizing generating man page info
Updating with duglin's comments
Doug is right here again;fixing.
Signed-off-by: Mary Anthony <mary@docker.com>
Upstream-commit: eacae64bd89ccc95a6db7bda76d36014e71e70ac
Component: engine
I added 301 redirects from dockerproject.com to dockerproject.org but may as
well make sure everything is updated anyways.
Signed-off-by: Jessica Frazelle <princess@docker.com>
Upstream-commit: 7943bce8942ee8c262180652951216d963fa6202
Component: engine
Ubuntu Precise has a number of warts that made it non-trivial to add initially, but I've managed to work through some of them and come up with a working build. Two important parts to note are that it has neither the `btrfs` nor the `devicemapper` graphdriver backends since `btrfs-tools` and `libdevmapper-dev` in the precise repositories are too ancient for them to even compile.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 98180b89543396c07c1f1ea420554fbcce31c513
Component: engine
This fixes the part of #12996 that I forgot. 👼
This also fixes a minor path issue (there's no `libexec` in Debian), and fixes a minor bug with the `debVersion` parsing.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 867eed8f3586c81b32dc9f85208692e9e1c9909a
Component: engine
