We can use this to control block IO weight of a container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: f133f11a7d25e6262558dd733afaa95ddd1c7aee
Component: engine
The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: f42348e18f73d1d775d77ac75bc96466aae56d7c
Component: engine
Add cgroup support for disable OOM killer.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: a4a924e1b6c50f0f02460489259d73468a6c282e
Component: engine
This patch modifies the journald log driver to store the container ID in
a field named CONTAINER_ID, rather than (ab)using the MESSAGE_ID field.
Additionally, this adds the CONTAINER_ID_FULL field containing the
complete container ID and CONTAINER_NAME, containing the container name.
When using the journald log driver, this permits you to see log messages
from a particular container like this:
# journalctl CONTAINER_ID=a9238443e193
Example output from "journalctl -o verbose" includes the following:
CONTAINER_ID=27aae7361e67
CONTAINER_ID_FULL=27aae7361e67e2b4d3864280acd2b80e78daf8ec73786d8b68f3afeeaabbd4c4
CONTAINER_NAME=web
Closes: #12864
Signed-off-by: Lars Kellogg-Stedman <lars@redhat.com>
Upstream-commit: 869ecba652294e069874c83591d6f1b469d7cc32
Component: engine
prioritize the ports with static mapping before dynamic mapping. This removes
the port conflicts when we allocate static port in the reserved range
together with dynamic ones.
When static port is allocated first, Docker will skip those when determining
free ports for dynamic ones.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
Upstream-commit: cd2b019214eb1978ae267786668dc7a8a3702679
Component: engine
Due to the importance of path safety, the internal sanitisation wrappers
for volumes and containers should be exposed so other parts of Docker
can benefit from proper path sanitisation.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
Upstream-commit: 4377ebd6a758278c1766006c7eb8b777fa175719
Component: engine
Allows `docker cp` to work seamlessly, and a lot more cleanly.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 8ce42baaef314a75bb6726891774393d540e9d06
Component: engine
Check whether the swap limit capabilities are disabled or not only when memory swap is set to greater than 0.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 7523beff41eca212794e902afa1a614b2672e245
Component: engine
We have moved resource configs to hostConfig.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 39932511c134938233e8bfe4796cec9a1b30d11e
Component: engine
When we tag an Image with several names and we run one of them,
The "create" job will log this event with
+job log(create, containerID, Imagename).
And the "Imagename" is always the first one (sorted). It is the
same to "start/stop/rm" jobs. So use the correct name instand.
This PR refer to #10479
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Upstream-commit: 663d9130118548c648c4463bae088fd983099e08
Component: engine
I have seen a lot of people try to do this and reach out to me on how to mount
/dev/snd because it is returning "not a device node". The docs imply you can
_just_ mount /dev/snd and that is not the case. This fixes that. It also allows
for coolness if you want to mount say /dev/usb.
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <hugs@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <princess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessie Frazelle <jess@docker.com> (github: jfrazelle)
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
Upstream-commit: 664004ed0c6c99369720a00f5673f1e106d9496d
Component: engine
Do not remove container if any of the resource could not be cleaned up. We
don't want to leak resources.
Two new states have been created. RemovalInProgress and Dead. Once container
is Dead, it can not be started/restarted. Dead container signifies the
container where we tried to remove it but removal failed. User now needs to
figure out what went wrong, corrent the situation and try cleanup again.
RemovalInProgress signifies that container is already being removed. Only
one removal can be in progress.
Also, do not allow start of a container if it is already dead or removal is
in progress.
Also extend existing force option (-f) to docker rm to not return an error
and remove container from user view even if resource cleanup failed.
This will allow a user to get back to old behavior where resources
might leak but atleast user will be able to make progress.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 40945fc186067e5b7edd1f6cd7645ff2ae7cea6c
Component: engine
Add a integration test TestCpSpecialFiles
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 8bc330d8632ef0129b433b877a5e2fc88bb2eb39
Component: engine
