Without this the docker.socket would not start by default when starting
the docker.service leading to failures to start.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit 88885d18b1bb0ef91eab4ad3311773f9c40838b7)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Upstream-commit: 93f125a2602b7eb72128cbc16d9d35c9d92ed18a
Component: packaging
go1.10.5 (released 2018/11/02) includes fixes to the go command, linker,
runtime and the database/sql package. See the milestone on the issue
tracker for details:
List of changes; https://github.com/golang/go/issues?q=milestone%3AGo1.10.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 871d24d3fc
Component: cli
Removes the systemd drop-in unit file for socket activation and instead
prefers socket activation by default for both RHEL based and DEBIAN
based distributions.
Socket activation for RHEL based distributions was tested on CentOS 7 and Fedora 28.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit 91c85cd38197b9d92d5b3e8a1b577d3178d73fcc)
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: 6a7e302c260a2ff7e4d8b7a6d01249a09c140618
Component: packaging
go1.10.5 (released 2018/11/02) includes fixes to the go command, linker,
runtime and the database/sql package. See the milestone on the issue
tracker for details:
List of changes; https://github.com/golang/go/issues?q=milestone%3AGo1.10.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 00ad8e7c5730f3c50ae2e548b47d1340202f72b2
Component: engine
@sw-pschmied originally post this in #38285
While looking through the Moby source code was found /proc/asound to be
shared with containers as read-only (as defined in
https://github.com/moby/moby/blob/master/oci/defaults.go#L128).
This can lead to two information leaks.
---
**Leak of media playback status of the host**
Steps to reproduce the issue:
- Listen to music/Play a YouTube video/Do anything else that involves
sound output
- Execute docker run --rm ubuntu:latest bash -c "sleep 7; cat
/proc/asound/card*/pcm*p/sub*/status | grep state | cut -d ' ' -f2 |
grep RUNNING || echo 'not running'"
- See that the containerized process is able to check whether someone
on the host is playing music as it prints RUNNING
- Stop the music output
- Execute the command again (The sleep is delaying the output because
information regarding playback status isn't propagated instantly)
- See that it outputs not running
**Describe the results you received:**
A containerized process is able to gather information on the playback
status of an audio device governed by the host. Therefore a process of a
container is able to check whether and what kind of user activity is
present on the host system. Also, this may indicate whether a container
runs on a desktop system or a server as media playback rarely happens on
server systems.
The description above is in regard to media playback - when examining
`/proc/asound/card*/pcm*c/sub*/status` (`pcm*c` instead of `pcm*p`) this
can also leak information regarding capturing sound, as in recording
audio or making calls on the host system.
Signed-off-by: Jonathan A. Schweder <jonathanschweder@gmail.com>
(cherry picked from commit 64e52ff3dbdb31adc0a9930b3ea74b04b0df8d86)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5fffdb32261145b1178f571e25fbd71572769d58
Component: engine
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit 14c8b67e51a8340284dfd8919843ce9edd1e5c71)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 9c93de59da8eaa0e0e0377578a33b465b9465bb2
Component: engine
This is needed for implementing bash completion for the `docker manifest`
command family.
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit a183c952c6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 2a36695037
Component: cli
This preapares bash completion for more context sensitivity:
- experimental cli features
- orchestrator specific features
Also renames _daemon_ to _server_ where used in context of `docker version`
because the fields there are grouped unter _Server_.
Signed-off-by: Harald Albers <github@albersweb.de>
(cherry picked from commit 564d4da06e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: dc74fc81f2
Component: cli
A similar change was made in the CLI itself, but is not
inherited by the code that generates the YAML docs.
Before this patch is applied;
```
usage: docker container exec [OPTIONS] CONTAINER COMMAND [ARG...] [flags]
```
With this patch applied:
```
usage: docker container exec [OPTIONS] CONTAINER COMMAND [ARG...]
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 44d96e9120)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 7e90635652
Component: cli
The RPM packages list containerd as a hard dependency. While
having containerd installed allows certain features (e.g., allow
you to run `docker engine activate`), this should not be a requirement
for installing the Docker CLI, as it limits the use of this package
for situations where the CLI is installed to connect to a remote
daemon.
This patch removes the containerd dependency from the RPM packages
(the deb packages don't have this dependency, so no change is needed
in those packages)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 037349c5dc3f18d3bea3be0217e249f716a8be25)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Upstream-commit: bc3867a8f6e59c56c967720c33c6ce9a65b64b7b
Component: packaging
During the migration to "image based builds", some dependencies
were removed.
This patch brings back those dependencies.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: a6ff66f1a51af62c9fd17a8b931f8a9b0283247a
Component: packaging
This requirement was originally added in 86f76496ce33bd6eff1737348bc44add4723ddd2,
but got removed in the migration to the new image-based packaging.
Commit f2ceca98823548e401c6cca125b7057df28c4892 added this requirement
back for `.deb` packages, but did not include the same changes for
RPMs.
This patch adds back the requirement for RPM packages as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 86ed6eb2cef4e7386979fc73397c1844531eb3a9
Component: packaging
Nightly builds wouldn't install correctly since our versioning scheme
for nightly builds is 0.0.0~ and 0 < 18.
Should be backwards compatible with 18.09 builds so there's no need to
actually backport this to 18.09.
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
(cherry picked from commit de312224beff9c6bc7fd6def46459d531cf2ce4a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 3e383bee967aa07d35ea717544bc18aafbbad4f7
Component: packaging
