Note that go1.8.2 contains a security fix (CVE-2017-8932).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 0c7c900e9e66335a6bd486be008af43ae83a5a37)
DeviceMapper tasks in Go use SetFinalizer to clean up C construct
counterparts in the C LVM library. While that's well and good, it relies
heavily on the exact interpretation of when the golang garbage collector
determines that an object is unreachable and is subject to reclamation.
While common sense would assert that stack variables (which these DM
tasks always are) are unreachable when the stack frame in which they
are declared returns, that's not the case. According to this:
https://golang.org/pkg/runtime/#SetFinalizer
The garbage collector decides that, if a function calls into a
system call (which task.run() always will in LVM), and there are no
subsequent references to the task variable within that stack frame, then
it can be reclaimed. Those conditions are met in several devmapper.go
routines, and if the garbage collector runs in the middle of a
deviceMapper operation, then the task can be destroyed while the
operation is in progress, leading to crashes, failed operations and
other unpredictable behavior.
The fix is to use the KeepAlive interface:
https://golang.org/pkg/runtime/#KeepAlive
The KeepAlive method is effectively an empty reference that fools the
garbage collector into thinking that a variable is still reachable. By
adding a call to KeepAlive in the task.run() method, we can ensure that
the garbage collector won't reclaim a task object until its execution
within the deviceMapper C library is complete.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
(cherry picked from commit d764d8b16624e4924b3949273089f851efa0f717)
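The finalizer race described in the commit message above, as an added Go example that is not code from the commit or from the Docker code base. The `task` type, the `live` map standing in for C-side objects, and `libCall` are hypothetical stand-ins for the devicemapper wrappers.

```go
package main

import (
	"fmt"
	"runtime"
	"sync"
	"time"
)

// live stands in for objects owned by a C library (constructed, not libdevmapper).
var live sync.Map

// task is a hypothetical Go wrapper around a C-side handle.
type task struct {
	handle int
	name   string // pointer field keeps t out of the tiny allocator's batches
}

func newTask(h int) *task {
	t := &task{handle: h, name: "constructed"}
	live.Store(h, true)
	// The finalizer destroys the C-side object once t is unreachable.
	runtime.SetFinalizer(t, func(t *task) { live.Delete(t.handle) })
	return t
}

// libCall simulates a slow library call given only the raw handle, with GC forced mid-call.
func libCall(h int) bool {
	for i := 0; i < 5; i++ {
		runtime.GC()
		time.Sleep(10 * time.Millisecond)
	}
	_, ok := live.Load(h)
	return ok
}

// runUnsafe never uses t after reading t.handle, so t may be finalized mid-call.
func (t *task) runUnsafe() bool { return libCall(t.handle) }

// runSafe keeps t reachable until libCall has returned.
func (t *task) runSafe() bool {
	ok := libCall(t.handle)
	runtime.KeepAlive(t)
	return ok
}

func main() {
	fmt.Println("handle intact with KeepAlive:   ", newTask(1).runSafe())
	fmt.Println("handle intact without KeepAlive:", newTask(2).runUnsafe()) // may print false
}
```

Only the `runSafe` result is guaranteed by the runtime; whether `runUnsafe` loses its handle depends on compiler liveness analysis and GC timing, which is what makes the original bug intermittent.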
This was mistakenly unmounting everything under `plugins/*` instead of
just `plugins/<id>/*` anytime a plugin is removed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit db5f31732a9868c1e9e4f9a49be70b794ff82d4f)
Commit abd72d4008dde7ee8249170d49eb4bc963c51e24 added
a "FIXME" comment to the container "State", mentioning
that a container cannot be both "Running" and "Paused".
This comment was incorrect, because containers on
Linux actually _must_ be running in order to be
paused.
This patch adds additional information both in a
comment, and in the API documentation to clarify
that these booleans are not mutually exclusive.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: b654b6244d6d63a0758029488a95feb446e089bd
Component: engine
These are already present in `docker/cli` 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 61e527f16ccbbbca137c4db1b13b558ee4a51213
Component: engine
When `cli.post(...)` fails, `errC <- err` blocks because `errC` is unbuffered.
Signed-off-by: Simon Menke <simon.menke@gmail.com>
Upstream-commit: 4d2d2ea39336aade783c5c415b83d129bdd339bb
Component: engine
OverlayFS is supported on top of btrfs as of Linux Kernel 4.7.
Skip the hard enforcement when on kernel 4.7 or newer and
respect the kernel check override flag on older kernels.
https://btrfs.wiki.kernel.org/index.php/Changelog#By_feature
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Upstream-commit: f64a4ad008e68996afcec3ab34a869887716f944
Component: engine
Ineffectual assignment to isCanonical, delete it, and make the "if" sentence fit the golang usage
Upstream-commit: b0dd3dfc1184b210854b62c231b7b074dd6dbd26
Component: engine
Since this new version of the CLI resolves image digests for swarm
services by default, and we do not want integration tests to talk to
Docker Hub, update CLI tests to suppress this behavior.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: d012569b78c27e6e52bc5006d9a1d7a2099b1c2b
Component: engine
Switches the remaining syscalls except Errno to /x/sys/.
This was supposed to be part of 33180
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: df6dfcf198a769e7f411736e1abb93e1aabb2698
Component: engine
Use create=false when calling getCheckpointDir
Fix #33263
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Upstream-commit: c0d2ec1eb585a31e3d7734aef7acb753644c49c0
Component: engine
The commit adds capability to accept csv parameters
for network option in service create/update commands. The change
includes name, alias driver options specific to the network.
With this the following will be supported:
docker service create --name web --network name=docknet,alias=web1,driver-opt=field1=value1 nginx
docker service create --name web --network docknet nginx
docker service update web --network-add name=docknet,alias=web1,driver-opt=field1=value1
docker service update web --network-rm docknet
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
Upstream-commit: fe11de01772ec7c7501d3b679ce94d41bcc14060
Component: engine
I noticed that we could return a Platform that has no information filled
in. This doesn't look like it would cause any problems, but it would be
confusing. Fix the handler to only append to this slice when the
Platform is not empty.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: df86a14af21539422f667ae33601a4f24f21e574
Component: engine
Fix when rpc reports "transport is closing" error, health check goroutine will exit
Upstream-commit: e103125883ec3c03a8523682ed62f33d04e0ade9
Component: engine
- for service create on node-local networks
Signed-off-by: Alessandro Boch <aboch@docker.com>
Upstream-commit: d618b56b40aad7e3695583015fe0f6731d12f413
Component: engine