Right now, MAC addresses are randomly generated by the kernel when
creating the veth interfaces.
This causes different issues related to ARP, such as #4581, #5737 and #8269.
This change adds support for consistent MAC addresses, guaranteeing that
an IP address will always end up with the same MAC address, no matter
what.
Since IP addresses are already guaranteed to be unique by the
IPAllocator, MAC addresses will inherit this property as well for free.
Consistent mac addresses is also a requirement for stable networking (#8297)
since re-using the same IP address on a different MAC address triggers the ARP
issue.
Finally, this change makes the MAC address accessible through docker
inspect, which fixes#4033.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Upstream-commit: 88e21c6a75310da158bbee3a5fdc135697c93ba1
Component: engine
Also wrap access in mutex.
Makes sure we don't have any pontential for races in accessing this.
It also doesn't really need to be/shouldn't be in the config.json anyway
Docker-DCO-1.1-Signed-off-by: Brian Goff <bgoff@cpuguy83-mbp.home> (github: cpuguy83)
Upstream-commit: c5e728c953e29b8008cdfb8367910e33ba28b99c
Component: engine
The biggest/bestest change here is cutting down on the number of calls to Docker in the filtering helpers (`__docker_containers_running`, etc), especially calls to the really heavy `docker images`.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 0597b6445db0b0aeb4a0459f3af4f074a865a42f
Component: engine
Add support for pulling signed images from a version 2 registry.
Only official images within the library namespace will be pull from the
new registry and check the build signature.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 7c88e8f13d9f0c68de6da0cd467a541231304dd5
Component: engine
Using repo tag in the status message for better usability, as per review comments
Added documentation and Changed code to print Status after downloads are complete
Addresses #2404
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
Upstream-commit: ecff6303a366a5e8fd178b7baa1c64895a3a3622
Component: engine
debootstrap needs the suite as the second argument, for this the script
reorders arguments beginning with a minus but components separated by
space, as stated by the help message, is not handled and will lead to
the rootfs being passed as suite to debootstrap.
The poor mans solution is to fix the help message to pass the long
option as one argument.
Signed-off-by: Julian Taylor <jtaylor.debian@googlemail.com>
Upstream-commit: 34672240b4e69f5f50448e462540bb0259eecf31
Component: engine
Updated to version of libtrust with the trust graph implementation
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 8a6c7100ea7f6ea82ba567863b6401f45766625b
Component: engine
Add --security-opts options to allow user to customize container labels and apparmor profile
Upstream-commit: d40ab6f1238c78ea84645e516f1f24d7991798b0
Component: engine
Now that the archive package does not depend on any docker-specific
packages, only those in pkg and vendor, it can be safely moved into pkg.
Signed-off-by: Rafe Colton <rafael.colton@gmail.com>
Upstream-commit: 30d5a42c1f24e26f681b7330249f04fec891aee9
Component: engine
