This PR adds the ability to make docker debs for xenial on power
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 64881dc331f1f0ff861eb82bb05eef63d6693a67
Component: engine
This is to update the zsh and bash completion script for
23367.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7fd2c809622e66bb3157fbf1ab797152636a2df5
Component: engine
added the firewalld.service symbol in the After line docker
will always start after firewalld, thus eliminating the issue
of firewall blocking all mapped traffic.
Signed-off-by: Ramon Brooker <Ramon.Brooker@imaginecommunications.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 73e08286f920881a431fa7befd3909e72303680b
Component: engine
With the latest OL7.2, selinux policy that is shipped
might not be the latest for it to work or build with
selinux policy for docker-1.12.
To be able to achieve that here is what is done:
1. Added systemd_machined policy which is part of systemd.
2. Temporarily comment out unconfined_typebounds because the
current OL7's selinux doesn't have unconfineduser selinux policy,
to include this will be too much. Will revisit this once we have
updated the selinux policy.
Fixes: #24612
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
Upstream-commit: d6cae872c704c6cf36ee7d5c9b472e33280af202
Component: engine
This change allows btrfs subvolumes to be found in additional system
configurations. The old logic failed to correctly identify subvolumes
when the root fs was mounted as a subvolume that was not the btrfs
filesystem root.
Signed-off-by: Adam Mills <adam@armills.info>
Upstream-commit: c3aa75c5a73bed12f44d863618cabef780f5f5bd
Component: engine
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 32b1f26c5111b22fe4277879c4f5e4687a6a72fc
Component: engine
Otherwise the while loop waits forever, checking for
a filename made up of all the names.
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Upstream-commit: 68dab9bd0910e22c96d5dfcbd4e972f8ce770a88
Component: engine
Add a test that the default seccomp profile allows execution of 32 bit binaries
Upstream-commit: 8a8a63aa32a60e12b3c4d8e9e3397a8bd3b96d54
Component: engine
Rather than conflict with the unexposed task model, change the names of
the object-oriented task display to `docker <object> ps`. The command
works identically to `docker service tasks`. This change is superficial.
This provides a more sensical docker experience while not trampling on
the task model that may be introduced as a top-level command at a later
date.
The following is an example of the display using `docker service ps`
with a service named `condescending_cori`:
```
$ docker service ps condescending_cori
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 13 minutes ago Running 6c6d232a5d0e
```
The following shows the output for the node on which the command is
running:
```console
$ docker node ps self
ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE
b1tpbi43k1ibevg2e94bmqo0s mad_kalam.1 mad_kalam apline Accepted 2 seconds ago Accepted 6c6d232a5d0e
e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 12 minutes ago Running 6c6d232a5d0e
4x609m5o0qyn0kgpzvf0ad8x5 furious_davinci.1 furious_davinci redis Running 32 minutes ago Running 6c6d232a5d0e
```
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 0aa4e1e68973ede0c73f8a4356e2a17fc903f549
Component: engine
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 93bbc76ee53240e0862c6f1ff409e7a4ee0883dc
Component: engine
This changes the default behavior so that rolling updates will not
proceed once an updated task fails to start, or stops running during the
update. Users can use docker service inspect --pretty servicename to see
the update status, and if it pauses due to a failure, it will explain
that the update is paused, and show the task ID that caused it to pause.
It also shows the time since the update started.
A new --update-on-failure=(pause|continue) flag selects the
behavior. Pause means the update stops once a task fails, continue means
the old behavior of continuing the update anyway.
In the future this will be extended with additional behaviors like
automatic rollback, and flags controlling parameters like how many tasks
need to fail for the update to stop proceeding. This is a minimal
solution for 1.12.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 57ae29aa74e77ade3c91b1c77ba766512dae9ab4
Component: engine
