This test tries to pull all the tags in the busybox repo and looks to see
if there were more than two images pulled. This was failing on
p/z due to the recent change to manifest lists, where one of the busybox
tags didn't have a p/z manifest in it's manifest list.
This error seems fine to me, so I changed the test to see if pull fails,
it fails with the "manifest not found" error.
Also switched from busybox -> alpine, because it has significantly less tags,
and the images are close in size.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 5739ba1b918402b8eda748ac2f5dd7ce00f2e69f)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
This is writeable, and can be used to remove devices. Containers do
not need to know about scsi devices.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is kernel config available in RHEL7.4 based kernels that enables
mountpoint removal where the mountpoint exists in other namespaces.
In particular this is important for making this pattern work:
```
umount -l /some/path
rm -r /some/path
```
Where `/some/path` exists in another mount namespace.
Setting this value will prevent `device or resource busy` errors when
attempting to the removal of `/some/path` in the example.
This setting is the default, and non-configurable, on upstream kernels
since 3.15.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 83c2152de503012195bd26069fd8fbd2dea4b32f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
(cherry picked from commit 9f38923901352459bb621d0b3587a6517e67eeb3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When using a volume via the `Binds` API, a shared selinux label is
automatically set.
The `Mounts` API is not setting this, which makes volumes specified via
the mounts API useless when selinux is enabled.
This fix adopts the same selinux label for volumes on the mounts API as on
binds.
Note in the case of both the `Binds` API and the `Mounts` API, the
selinux label is only applied when the volume driver is the `local`
driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 5bbf5cc671ec8007bf8e0416799fff01d6a79b7e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 58b96aced87b33c4175fa5d3422289f763ab599d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without relabel these files, SELinux-enabled containers will show
"permission denied" errors for configuration files mounted with
`docker server create ... --config ... ...`.
Signed-off-by: Wenxuan Zhao <viz@linux.com>
(cherry picked from commit 472c03a8c364090afb88258b3dd9748183c29d05)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch adds aditional information about commands to the YAML files
that are generated for the reference documentation.
The following fields are added for each command:
Property | Type | Description
------------------|-----------|---------------------------------------------------------------------------------------
deprecated | Boolean | Indicates if the command is marked deprecated
min_api_version | String | The API version required to use this command (e.g. "1.23")
experimental | Boolean | Indicates if the command requires the daemon to run with experimental features enabled
For example (taken from the experimental `docker checkpoint create` command):
command: docker checkpoint create
short: Create a checkpoint from a running container
long: Create a checkpoint from a running container
usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT
pname: docker checkpoint
plink: docker_checkpoint.yaml
options:
- option: checkpoint-dir
value_type: string
description: Use a custom checkpoint storage directory
deprecated: false
experimental: false
- option: leave-running
value_type: bool
default_value: "false"
description: Leave the container running after checkpoint
deprecated: false
experimental: false
deprecated: false
min_api_version: "1.25"
experimental: true
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1f48e75c5c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch adds aditional information about command flags to the YAML files
that are generated for the reference documentation.
The following fields are added for each flag:
Property | Type | Description
------------------|-----------|---------------------------------------------------------------------------------------
value_type | String | The "type" of value to be passed to this flag (e.g., `uint64`, `list`)
deprecated | Boolean | Indicates if the flag is marked deprecated
min_api_version | String | The API version required to use this flag (e.g. "1.23")
experimental | Boolean | Indicates if the flag requires the daemon to run with experimental features enabled
For example (taken from the `docker image build` command):
- option: security-opt
value_type: stringSlice
default_value: '[]'
description: Security options
deprecated: false
experimental: false
- option: shm-size
value_type: bytes
default_value: "0"
description: Size of /dev/shm
deprecated: false
experimental: false
- option: squash
value_type: bool
default_value: "false"
description: Squash newly built layers into a single new layer
deprecated: false
min_api_version: "1.25"
experimental: true
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a8ba6f93d9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` keeps restarting services it doesn't need to (no changes)
because the entries' order gets randomized at some previous (de)serialization.
Maybe it would be worth looking into this at a higher level and ensure
all (de)serialization happens in an ordered collection.
This quick fix sorts secrets and configs (in place, mutably) which ensures the
same order for each run.
Based on
https://github.com/moby/moby/pull/30506
Fixes
https://github.com/moby/moby/issues/34746
Signed-off-by: Peter Nagy <xificurC@gmail.com>
(cherry picked from commit 27e8bdf32b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Splunk HEC does not accept log events with an empty string or a
whitespace-only string.
Signed-off-by: Florian Noeding <florian@noeding.com>
(cherry picked from commit 5f6d6a5093a4db799f9c1a6bb82eed1eea13ec0c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
(cherry picked from commit 313bc1e339fa4292d9ef5bc74acc82436eab7e1e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--enable-api-cors` flag was deprecated in f3dd2db4ff7de1399a49af928cd3eae4fccf8764,
and marked for removal in docker 17.09 through 85f92ef3590b386ea17e3948262725a2d3ce4db5.
This patch removes the deprecated flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7d4eab554379524c2421a7ecd3319d1d087d1de2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit b291f5a31728f7ff6386bb37f15e7c0885d3b2a7)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Primarily to bring in fix for "Clear Architecture field in platform
constraint for arm architectures".
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit ef027b6d72)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
If the empty variable happens to be sorted to the end of the list then TrimSpace()
would remove it. Instead only strip the single trailing newline.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit fff605c3b3557acf6bf793813d695fba59d7fa21)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
This commit reverts a hunk of commit 2f5f0af3f ("Add unconvert linter")
and adds a hint for unconvert linter to ignore excessive conversion as
it is required on 32-bit platforms (e.g. armhf).
The exact error on armhf is this:
19:06:45 ---> Making bundle: dynbinary (in bundles/17.06.0-dev/dynbinary)
19:06:48 Building: bundles/17.06.0-dev/dynbinary-daemon/dockerd-17.06.0-dev
19:10:58 # github.com/docker/docker/daemon/graphdriver/overlay
19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Sec (type int32) as type int64 in argument to time.Unix
19:10:58 daemon/graphdriver/overlay/copy.go:161: cannot use stat.Atim.Nsec (type int32) as type int64 in argument to time.Unix
19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Sec (type int32) as type int64 in argument to time.Unix
19:10:58 daemon/graphdriver/overlay/copy.go:162: cannot use stat.Mtim.Nsec (type int32) as type int64 in argument to time.Unix
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 0120303d8ea4a1d9f8920ac4dba80521072e8536)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Since commit d7e2c4ce7 ("Use gometalinter for linting") command
"make all" fails on all the non-default platforms (i.e. ARMs, PPC, and
s390) in this way:
# make all
...
Congratulations! All commits are properly signed with the DCO!
/go/src/github.com/docker/docker/hack/validate/gometalinter: line 6: gometalinter: command not found
Makefile:105: recipe for target 'all' failed
make: *** [all] Error 127
Make sure gometalinter is installed for those platforms
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 0c0047e67f8ee73f73465ac60ccebbd16260ab46)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
