This else case was lost in the migration from native execdriver to OCI
implementation via runc. There is no need to have external setkey when
--net=host.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 1771d35b4852be197c90c19ba5aada940e133c2b
Component: engine
Kernel has no limit for memory reservation, but in different
kernel versions, the default behavior is different.
On kernel 3.13,
docker run --rm --memory-reservation 1k busybox cat /sys/fs/cgroup/memory/memory.soft_limit_in_bytes
the output would be 4096, but on kernel 4.1, the output is 0.
Since we have minimum limit for memory and kernel memory, we
can have this limit for memory reservation as well, to make
the behavior consistent.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 50a61810056a421fb94acf26277995f2c1f31ede
Component: engine
This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `—-privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f81b4935292d5daedea9de4e2db0895986115da
Component: engine
These fields are needed to specify the exact version of Windows that an
image can run on. They may be useful for other platforms in the future.
This also changes image.store.Create to validate that the loaded image is
supported on the current machine. This change affects Linux as well, since
it now validates the architecture and OS fields.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 194eaa5c0f843257e66b68bd735786308a9d93b2
Component: engine
Show a different message if a dynamic binary
is running, but doesn't have udev sync support.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: b8f38747e60eb76e19f08129ab27cb808d21c22a
Component: engine
btrfs-progs-4.5 introduces device delete by devid
for this reason btrfs_ioctl_vol_args_v2's name was encapsulated
in a union
this patch is for setting btrfs_ioctl_vol_args_v2's name
using a C function in order to preserve compatibility
with all btrfs-progs versions
Signed-off-by: Julio Montes <imc.coder@gmail.com>
Upstream-commit: a038cccf88998814249a7a40b71a33a680e3f02f
Component: engine
2.change schema into scheme in docs and some annotations.
Signed-off-by: allencloud <allen.sun@daocloud.io>
Upstream-commit: 28d3c22e55259281c70fd90780a1b0d388450ddf
Component: engine
- Refactor generic and path based cleanup functions into a single function.
- Include aufs and zfs mounts in the mounts cleanup.
- Containers that receive exit event on restore don't require manual cleanup.
- Make missing sandbox id message a warning because currently sandboxes are always cleared on startup. libnetwork#975
- Don't unmount volumes for containers that don't have base path. Shouldn't be needed after #21372
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 05cc737f5411a0effd299429140d031c4ad8dd05
Component: engine
This makes Windows behavior consistent with Linux -- the entry point must
be an executable, not an executable and set of arguments.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 6fa0239772e672eefb98cef91ca8d806b86182b0
Component: engine
This pull request added a `SecurityOptions` field in the `GET /info`
output to show if there is `apparmor`, `seccomp`, or `selinux` suport.
The API changes are updated in the documentation and the update in
`GET /info` is covered by the test case in `TestInfoApi`.
This pull request fixes#20909.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 190654aa2ee880c2052c0887a215b85d24049f6d
Component: engine
Fix unmount issues in the daemon crash and restart lifecycle, w.r.t
graph drivers. This change sets a live container RWLayer's activity
count to 1, so that the RWLayer is aware of the mount. Note that
containerd has experimental support for restore live containers.
Added/updated corresponding tests.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 511a70583fbb901f57acb44d501cca8e6dcbce2c
Component: engine
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.
Fixes 21475
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 7ed3d265a4499ec03f10537fea0aac3ebaa0cec6
Component: engine
fixes races between list and create
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 114be249f022535f0800bd45987c4e9cd1b321a4
Component: engine
Use an interface to specify the behavior of a configuration decoder.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: f0d26e1665f7552972db5b041554cc7b45bc3060
Component: engine
