We need to have labels applied even if a container is running in privileged
mode. On an tightly locked down SELinux system, this will cause running
without labels will cause SELinux to block privileged mode containers.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: 3894773d6edf8127ddf5f811492a9b49673196e7
Component: engine
This flag can be set on disk if the daemon were to crash or error out
while trying to remove container in which case subsequent tries to
delete the container would all fail.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: ce724731973159a4fcedf16d0996571684cc3843
Component: engine
before:
```
$ time docker --help
real 0m0.177s
user 0m0.000s
sys 0m0.040s
```
after:
```
$ time docker --help
real 0m0.010s
user 0m0.000s
sys 0m0.000s
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 5c8950e84d2384919f45209f8cc4cbf00ff29015
Component: engine
the events API was rewritten in 723be0a3325799fd6b2a6b689af54f5a07edf992,
but the example response in the documentation doesn't reflect the actual output
this fixes the example response
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 3932d46a7878e3e75d8119f332b927fd2107cb32
Component: engine
- [x] Update man page description
- [x] Update man page sample output to something more current
Tested with: `TESTFLAGS='-check.f DockerSuite.TestInfoEnsureSucceeds*'
make test-integration-cli`
Signed-off-by: Lucas Chan <lucas-github@lucaschan.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 55d61e98baa9cfffa246b40f48b09b9865b585ca
Component: engine
This add a new filter to 'docker network ls'
to allow filtering by driver-name.
Contrary to "ID" and "name" filters, this
filter only supports an *exact* match.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 23e418b6c966a43a463a064053ce0c741b8e5159
Component: engine
This generates an ID string for calls to Mount/Unmount, allowing drivers
to differentiate between two callers of `Mount` and `Unmount`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 2b6bc294fc7f9e08a9091833b021b7d2a01ad2a6
Component: engine
When exec a non-exist command, it should print a newline at last.
Currently:
```
$ docker exec -ti f5f703ea2c0a144 bash
rpc error: code = 2 desc = "oci runtime error: exec failed: exec:
\"bash\": executable file not found in $PATH"$
```
Signed-off-by: Feng Yan <fy2462@gmail.com>
Upstream-commit: 8bf5613c1aca634e517e895e90e74f4263cf030f
Component: engine
TestBuildNotVerboseFailure use a non-exist image busybox1,
it requires network connection to access to Dockerhub, skip
this test if there is no network.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 9ab0aa43365cd648d7681a58b60e91f791bc920a
Component: engine
Move all flags into cli/flags
Move usage help into cli/usage.go
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 33c9edaf6c5401fc1891713d1ad8d861e6cea51f
Component: engine
The runc compile currently fails on s390x:
Step 35 : RUN set -x && export GOPATH="$(mktemp -d)" && git clone
https://github.com/opencontainers/runc.git
"$GOPATH/src/github.com/opencontainers/runc" && cd
"$GOPATH/src/github.com/opencontainers/runc" && git checkout -q
"$RUNC_COMMIT" && make static BUILDTAGS="seccomp apparmor selinux" &&
cp runc /usr/local/bin/docker-runc
[snip]
# github.com/seccomp/libseccomp-golang
Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/seccomp.go:25:22:
fatal error: seccomp.h: No such file or directory
// #include <seccomp.h>
The problem is that the installed libseccomp version in trusty is too old.
Fix this and install version 2.3.0 of libseccomp like it is done in the
x86 Dockerfile.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 97f45bd629fa3e5921c5a70f3e8087c1afbb07a6
Component: engine
