Use tabwriter to print the version output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48eb7a082d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Darren Stahl <darst@microsoft.com>
(cherry picked from commit 1f28844d7869609f371ab2a7881e4488a79a7e27)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix was part of 8c3d0b93d6,
but was reverted due to the order in which other changes were
backported.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Importing from moby's DockerTrustSuite tests.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 8b00c5cfd8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some of them are skipped for now (because the feature is not supported
or needs more work), some of them are fixed.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 0cf2e6353a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds a `make.ps1` powershell script to make it easy to compile and test.
```
.\scripts\make.ps1 -Binary
INFO: make.ps1 starting at 03/01/2018 14:37:28
INFO: Building...
________ ____ __.
\_____ \ | |/ _|
/ | \| <
/ | \ | \
\_______ /____|__ \
\/ \/
INFO: make.ps1 ended at 03/01/2018 14:37:30
.\scripts\make.ps1 -TestUnit
```
The next step is to run e2e tests on windows too.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit facb22573d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- `replaceDockerfileForContentTrust` is only used when content trust is
enabled, so remove the boolean.
- rename `isContentTrustEnabled` to `contentTrustEnabled`
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 63ebcae382)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rename IsTrusted to ContentTrustEnabled
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit feae0e9756)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove the global variable used. Allows easier unit testing.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6e21829af4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With a default filename tests will leave a file in the working directory
that is never cleaned up.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 7c8b5708eb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix tests that failed when using cmp.Compare()
internal/test/testutil/assert
InDelta
Fix DeepEqual with kube metav1.Time
Convert some ErrorContains to assert
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 5155cda716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 5433ceb12ead305d8c85e8e27c4b4d842ef88ae0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was added as part of a53930a04fa81b082aa78e66b342ff19cc63cc5f with
the intent to sort the mounts in the plugin config, but this was sorting
*all* the mounts from the default OCI spec which is problematic.
In reality we don't need to sort this because we are only adding a
self-binded mount to flag it as rshared.
We may want to look at sorting the plugin mounts before they are added
to the OCI spec in the future, but for now I think the existing behavior
is fine since the plugin author has control of the order (except for the
propagated mount).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit ec90839ca302ca53a7d55e4c7f79e7b4779f5e15)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Removes a line talking about updating runc to a specific commit.
Runc was updated twice during separate rcs and this line might cause confusion for users in regards to what version of runc to expect in 18.03.
Signed-off-by: corbin-coleman <corbin.coleman@docker.com>
This is a test case for issue https://github.com/moby/moby/issues/35123,
making sure we can set container's memory limit when using
`native.cgroupdriver=systemd`.
[v2: skip if no systemd present]
[v3: add --iptables=false to avoid flaky tests with t.Parallel()]
[v4: rebase after PR#36507 merge]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 4ca5c5361059e29ed31074ca5b96f8b2030b5f99)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Exec processes do not automatically inherit AppArmor
profiles from the container.
This patch sets the AppArmor profile for the exec
process.
Before this change:
apparmor_parser -q -r <<EOF
#include <tunables/global>
profile deny-write flags=(attach_disconnected) {
#include <abstractions/base>
file,
network,
deny /tmp/** w,
capability,
}
EOF
docker run -dit --security-opt "apparmor=deny-write" --name aa busybox
docker exec aa sh -c 'mkdir /tmp/test'
(no error)
With this change applied:
docker exec aa sh -c 'mkdir /tmp/test'
mkdir: can't create directory '/tmp/test': Permission denied
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8f3308ae10ec9ad0dd4edfb46fde53a0e1e19b34)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Update libnetwork to 1b91bc94094ecfdae41daa465cc0c8df37dfb3dd to bring in a fix
for stale HNS endpoints on Windows:
When Windows Server 2016 is restarted with the Docker service running, it is
possible for endpoints to be deleted from the libnetwork store without being
deleted from HNS. This does not occur if the Docker service is stopped cleanly
first, or forcibly terminated (since the endpoints still exist in both). This
change works around the issue by removing any stale HNS endpoints for a network
when creating it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fb364f07468e94226250a1e77579ee6117c64be2)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
