This bumps containerd to cf554d59dd96e459544748290eb9167f4bcde509 and
includes various fixes and updates the grpc package and types generated
for use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d17b9f3da064f4c7e70867be5e64d06b127df301
Component: engine
In order to do this, allow the socketcall syscall in the default
seccomp profile. This is a multiplexing syscall for the socket
operations, which is becoming obsolete gradually, but it is used
in some architectures. libseccomp has special handling for it for
x86 where it is common, so we did not need it in the profile,
but does not have any handling for ppc64le. It turns out that the
Debian images we use for tests do use the socketcall, while the
newer images such as Ubuntu 16.04 do not. Enabling this does no
harm as we allow all the socket operations anyway, and we allow
the similar ipc call for similar reasons already.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: a83cedddc6d3e0fe1df352ec54245090df641ab8
Component: engine
Removes seccomp from ppc64le as a buildtag
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 31cc7dc135b606410471a553247ef75b42c3f181
Component: engine
This pr adds in building seccomp to ppc64le.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 107db89b6e7a465779bc3f89008fa15a4ef2d708
Component: engine
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Set up the mount label in the spec for a container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: e0f98c698b49e3790fe63bff611eeda6f5b46055
Component: engine
This change adds file version information to docker.exe and dockerd.exe by
adding a Windows version resource with the windres tool.
This change adds a dependency to binutils-mingw-w64 on Linux, but removes
a dependency on rsrc. Most Windows build environments should already have
windres if they have gcc (which is necessary to build dockerd).
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 4677f8036e8d090303ef76cbbe4f703d5c85d752
Component: engine
This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `—-privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f81b4935292d5daedea9de4e2db0895986115da
Component: engine
This includes fixes for;
- outputing errors for missing seccomp options on seccomp versions < 2.3
- cap set apply EPERM errors on ARM systems
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 752b31d3fe6fcbea9e14247c3896334734eba7f2
Component: engine
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.
Fixes 21475
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Upstream-commit: 7ed3d265a4499ec03f10537fea0aac3ebaa0cec6
Component: engine
Despite the current issue with unix sockets and golang, I'm bumping this back up to 1.6.
Go <1.6 has major compatibility issues on ppc64* including not supporting dynamic binding,
so we would have to go back to gccgo, which is worse in a lot of other categories. Ultimately for us,
the amount of people affected by this issue isn't worth switching compilers.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 3e3ac8abeaf892bbb985e7b70b37f6eee1731338
Component: engine
To not hit the issue with the request Host header.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3e0bd74a3d2647fa8c7783f4a053ad225746e6eb
Component: engine
Contains fixes for:
- pid.max fix that is causing hang on network stats test.
- fix for early stdin close containerd-shim
- better logging for `could not synchronise with container process`
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 22d997b3745e278d5a2b0b85d56c0d2b166e3a74
Component: engine
Removes the seccomp buildtag when building runc.
Because seccomp isn't currently being built, this would cause
the build to fail.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 2caf09d37b5865882dfa8c60d5362fd6d2ba54fd
Component: engine
Now that we are using gc/go 1.6, update a few hashes as well
as actually building the notary binary
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 2bcf50bdd41174b2519cab66b1fef0eb8bc78f9b
Component: engine
Fixes broken-pipe issue when piping s3cmd to grep -q, by removing the -q
flag and redirecting to /dev/null instead.
Add net-tools for ifconfig, because some tests rely on ifconfig.
Harmonize all Dockerfiles in this direction.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: f27b5dda4afc0b0a278eb5379d17dfc3533c5397
Component: engine
