To implement seccomp for s390x the following changes are required:
1) seccomp_default: Add s390 compat mode
On s390x (64 bit) we can run s390 (32 bit) programs in 32 bit
compat mode. Therefore add this information to arches().
2) seccomp_default: Use correct flags parameter for sys_clone on s390x
On s390x the second parameter for the clone system call is the flags
parameter. On all other architectures it is the first one.
See kernel code kernel/fork.c:
#elif defined(CONFIG_CLONE_BACKWARDS2)
SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags,
int __user *, parent_tidptr,
So fix the docker default seccomp rule and check for the second
parameter on s390/s390x.
3) seccomp_default: Add s390 specific syscalls
For s390 we currently have three additional system calls that should
be added to the seccomp whitelist:
- Other architectures can read/write unprivileged from/to PCI MMIO memory.
On s390 the instructions are privileged and therefore we need system
calls for that purpose:
* s390_pci_mmio_write()
* s390_pci_mmio_read()
- Runtime instrumentation:
* s390_runtime_instr()
4) test_integration: Do not run seccomp default profile test on s390x
The generated profile that we check in is for amd64 and i386
architectures and does not work correctly on s390x.
See also: 75385dc216e ("Do not run the seccomp tests that use
default.json on non x86 architectures")
5) Dockerfile.s390x: Add "seccomp" to DOCKER_BUILDTAGS
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: bf2a577c131d8998eb6ecac986d80e1289e6c801
Component: engine
- Migrates network command and subcommands (connect, create, disconnect,
inspect, list and remove) to spf13/cobra
- Create a RequiredExactArgs helper function for command that require an
exact number of arguments.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 4bd202b00f7859ebeb4ba87511a0618ad08d0605
Component: engine
Currently `start` will hide some errors and throw a consolidated error,
which will make it hard to debug because developer can't find the
original error.
This commit allow daemon to log original errors first.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: b4740e3021a39a502ffc82f0f70e9b7ed2f0875f
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker unpause` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 8ea7733a6390a67d6981888b857ab78b11c4c076
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker logs` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 4f4b59cc435fbfef236017f3aa36145c1187426b
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker diff` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 5899afae52b10d2457848c6e62a7476835befef3
Component: engine
Moves image command rmi to `api/client/image/remove.go` and use cobra :)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 60e48bd6bd24c559ed92c7217cd7798c85cbb644
Component: engine
This is similar to network scopes where a volume can either be `local`
or `global`. A `global` volume is one that exists across the entire
cluster where as a `local` volume exists on a single engine.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 2f40b1b281a3be8f34d82a5170988ee46ea1f442
Component: engine
Now handles `package.Type` and `*package.Type`
Fixes parsing issues with slice and map types.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 79ff6eaf21dfebad0f8131a1ede235249cd6638f
Component: engine
Testing for the number of commands in `help` output doesn't seem to
contribute much to the quality of the project, and adds additional
burden for the developer to update.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Upstream-commit: dd7e59a40a4c93070f71adb3ec74021241586c21
Component: engine
This fix is part of the effort to convert commands to spf13/cobra #23211.
Thif fix coverted command `docker stop` to use spf13/cobra
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 63d66d2796fa1916a6b40913a6a23063d6169d17
Component: engine
It's been deprecated since November 2013 and v0.6.7. Removing the cli
side of it.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 372063ce1bd0e36e3523360b88e74a1cef55b841
Component: engine
Fix a bug in the vendor helpers that took packages
that started with github.com/docker/docker like if
they were from within the project.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: feab8db60da39ecda00c86b34bf5958ae257a14f
Component: engine
This brings back this message in case missing arguments.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 6180c5c12e770a4bdf3f505944c9d907e5543fab
Component: engine
The error message changed from
remote error: bad certificate
To
remote error: tls: bad certificate
In Go 1.7, so just checking for "bad certificate"
to make this test work on both Go 1.6 and 1.7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 496adadcec4ba00d230e546239ddc10e4ea41dcf
Component: engine
