Doing a chown/chmod automatically can cause `EPERM` in some cases (e.g.
with an NFS mount). Currently Docker will always call chown+chmod on a
volume path unless `:nocopy` is passed in, but we don't need to make
these calls if the perms and ownership already match and potentially
avoid an uneccessary `EPERM`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: f05a023760493dbd41fbfc1bb76ad334b579e94e
Component: engine
Whitelisting adjtimex get time operation and requiring CAP_SYS_TIME only in case of adjustment
Upstream-commit: 4f259698b07653e9e5220e097df79862f9e54b74
Component: engine
otherwise if the user gets the info from the API, makes a non-CA related change,
then updates, swarm will interpret this as the user trying to remove the signing
key from the swarm. We are redacting due to usability reasons, not because
the signing cert is secret. The signing KEY is secret, hence it's redacted.
Signed-off-by: Ying Li <ying.li@docker.com>
Upstream-commit: bdfbd22afbbf16a07f0316656c6c17453df3e0f7
Component: engine
Description:
When docker is in startup process and containerd sends an "process exit" event to docker.
If the container config '--restart=always', restartmanager will start this container very soon.
But some initialization is not done, e.g. `daemon.netController`,when visit, docker would panic.
Signed-off-by: Wentao Zhang <zhangwentao234@huawei.com>
Upstream-commit: 5b0993d6c778c18735692560538c790faa3dbbb4
Component: engine
They have been moved to github.com/docker/cli.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b5579a4ce33af4c1f67118e11b5a01008a36d26a
Component: engine
Also, this removes the use of a questionable golang range feature which
corrects for mutation of a slice during iteration over that slice. This
makes the filter operation easier to read and reason about.
Signed-off-by: David Sheets <dsheets@docker.com>
Upstream-commit: 7da3986297e04b419ce08b19766633dba36b7d30
Component: engine
Fix#33052 (workaround style)
**- What I did**
HNS reports networks that don't have anything to do with the Daemon, and
for which no networking plugin is available. This make the Daemon start
sequence pause for 15 secs, as the plugin resolving logic has a wait &
retry logic
**- How I did it**
Just after retrieving the HNS networks, I filter out those with type
`Private`
**- How to verify it**
Replace dockerd coming with Docker for Windows from one built from this
PR. Windows containers daemon should now launch pretty quickly
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
Upstream-commit: b91fd26bb57c94a7ea7f77e5e548233506b78d21
Component: engine
Moby and Docker are separate projects, so
don't assign docker milestones to pull requests
in this repository.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: e481509c746bb53c93b11c349f42ed2549ab728c
Component: engine
This patch simplifies the test by;
- re-using the registry-mock / handler
- skipping the last `docker build`, which was only
used to make sure a local image was present. Instead,
the daemon is started with a `busybox` image loaded.
Also added a comment, explaining why the mock always
returns a 404 (hence, error/output-string should not
be checked in the test), and made the mock return a
valid/correctly formatted error response.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 5d04fe73bf9fa7cff1b99206f39536aed807efb3
Component: engine
The `makefile()` utility was used to create a temporary Dockerfile, and after
tests completed, this file was deleted.
However, the _build_ used the current path (`/usr/local/bin/docker`) as
build-context. As a result, roughtly 20 MB was sent as build-context for each
build, but none of the builds actually required a build-context.
This patch;
- creates a temp-dir for the test, which can be used as build-context
- changes the `makefile()` utility and removes the `cleanup` functionality
- instead, the `temp-dir` is removed after the test finishes (which also removes the temporary `Dockerfile`)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: ebe66b1d0f52dc58a98a428d4efa4d2f2743b96e
Component: engine
