This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 3996975b0840033bda3919440d122d734a4bc66b
Component: engine
It should allow easier updates for containerd and runc
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 1b41125ad9f1a3881b71bd044d76fd285170addb
Component: engine
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ee3ac3aa66bfb27b7c21dfb253fdaa113baedd4e
Component: engine
We finally have a s390x binary tarball for go on "storage.googleapis.com".
So use this instead of bootstrapping with gccgo.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 47f13d3b84fb0ee867c6b6c2a213d78b471754bf
Component: engine
Necessary for merging in #22049.
Signed-off-by: Ross Boucher <rboucher@gmail.com>
Upstream-commit: e0123adafdc1e6a14a1dac10c5371da11b6fc063
Component: engine
They're included in go since 1.5.
Also I've removed comment about ancient gofmt version.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 08c16f8abfdc1f91119a35056c92d131b815fbf8
Component: engine
With golang version 1.7 the s390x architecture is officially supported.
To be in sync with the other architectures now switch also for s390x
from gccgo 6.1 to golang:
- golang: build and install to /usr/src/go
* Download golang-1.7 sources
* Bootstrap with gccgo 6.1
- go lint: Sync GO_LINT_COMMIT with other Dockerfiles
- notary: Remove GO15VENDOREXPERIMENT and softlink hack
With this patch the current CI on s390x completes with:
- OK: 1375 passed, 43 skipped
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: ee59f25c2d503cd68262679250387e140171c685
Component: engine
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: d5cbc57eff0df651bfbfb455608da45747651d0c
Component: engine
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 29b2714580d085533c29807fa337c2b7a302abb6
Component: engine
This updates containerd to b93a33be39bc4ef0fb00bfcb79147a28c33d9d43
fixing the start sync issues.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 7db7e046315eed5ccfb3a913b965be4b1a595601
Component: engine
Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly.
a8f937e113
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: cfe16e0d5b4bb7d1d194553f2a82cc1879d60e6b
Component: engine
We have to wait until runc version (RUNC_COMMIT) is bumped.
Otherwise we get the following error:
oci runtime error: string SCMP_ARCH_S390 is not a valid
arch for seccomp
Fixes: bf2a577c131d899 ("Enable seccomp for s390x")
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: e6e51d37f7b6509f6422ad97533e9bb581042461
Component: engine
This bumps containerd to cf554d59dd96e459544748290eb9167f4bcde509 and
includes various fixes and updates the grpc package and types generated
for use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d17b9f3da064f4c7e70867be5e64d06b127df301
Component: engine
To implement seccomp for s390x the following changes are required:
1) seccomp_default: Add s390 compat mode
On s390x (64 bit) we can run s390 (32 bit) programs in 32 bit
compat mode. Therefore add this information to arches().
2) seccomp_default: Use correct flags parameter for sys_clone on s390x
On s390x the second parameter for the clone system call is the flags
parameter. On all other architectures it is the first one.
See kernel code kernel/fork.c:
#elif defined(CONFIG_CLONE_BACKWARDS2)
SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags,
int __user *, parent_tidptr,
So fix the docker default seccomp rule and check for the second
parameter on s390/s390x.
3) seccomp_default: Add s390 specific syscalls
For s390 we currently have three additional system calls that should
be added to the seccomp whitelist:
- Other architectures can read/write unprivileged from/to PCI MMIO memory.
On s390 the instructions are privileged and therefore we need system
calls for that purpose:
* s390_pci_mmio_write()
* s390_pci_mmio_read()
- Runtime instrumentation:
* s390_runtime_instr()
4) test_integration: Do not run seccomp default profile test on s390x
The generated profile that we check in is for amd64 and i386
architectures and does not work correctly on s390x.
See also: 75385dc216e ("Do not run the seccomp tests that use
default.json on non x86 architectures")
5) Dockerfile.s390x: Add "seccomp" to DOCKER_BUILDTAGS
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: bf2a577c131d8998eb6ecac986d80e1289e6c801
Component: engine
Pull request #22840 and commit 40b21745cc ("Upgrade to golang 1.6.2")
introduces gcc 6.1 for Dockerfile.gccgo and Dockerfile.ppc64le.
So do this also for s390x and use "s390x/gcc:6.1" as base image.
In addition to this use "GO15VENDOREXPERIMENT=0" for notary build
as a workaround for:
* golang/go#15814
* golang/go#15628
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: b5490d48979c3afa29d50dc8527aa6579cd1e634
Component: engine
is still on the Go 1.4 library, whereas the Notary Yubikey library needs interfaces from
Go 1.5
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 4710ed6304b8456060f4cb4401b2ed47343991e4
Component: engine
The runc compile currently fails on s390x:
Step 35 : RUN set -x && export GOPATH="$(mktemp -d)" && git clone
https://github.com/opencontainers/runc.git
"$GOPATH/src/github.com/opencontainers/runc" && cd
"$GOPATH/src/github.com/opencontainers/runc" && git checkout -q
"$RUNC_COMMIT" && make static BUILDTAGS="seccomp apparmor selinux" &&
cp runc /usr/local/bin/docker-runc
[snip]
# github.com/seccomp/libseccomp-golang
Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/seccomp.go:25:22:
fatal error: seccomp.h: No such file or directory
// #include <seccomp.h>
The problem is that the installed libseccomp version in trusty is too old.
Fix this and install version 2.3.0 of libseccomp like it is done in the
x86 Dockerfile.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 97f45bd629fa3e5921c5a70f3e8087c1afbb07a6
Component: engine
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Set up the mount label in the spec for a container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: e0f98c698b49e3790fe63bff611eeda6f5b46055
Component: engine
