Fixed the following errors:
1. Request(0) causes a dead loop when the map is full and map.last == BEGIN.
2. When map.last is the only available port (or ip), Request(0) returns ErrAllPortsAllocated (or ErrNoAvailableIPs). Exception is when map.last == BEGIN.
Signed-off-by: shuai-z <zs.broccoli@gmail.com>
Upstream-commit: 4c978322979f00408c72b50931a8cdea2d5cdefc
Component: engine
This re-applies commit b39d02b with additional iptables rules to solve the issue with containers routing back into themselves.
The previous issue with this attempt was that the DNAT rule would send traffic back into the container it came from. When this happens you have 2 issues.
1) reverse path filtering. The container is going to see the traffic coming in from the outside and it's going to have a source address of itself. So reverse path filtering will kick in and drop the packet.
2) direct return mismatch. Assuming you turned reverse path filtering off, when the packet comes back in, it's goign to have a source address of itself, thus when the reply traffic is sent, it's going to have a source address of itself. But the original packet was sent to the host IP address, so the traffic will be dropped because it's coming from an address which the original traffic was not sent to (and likely with an incorrect port as well).
The solution to this is to masquerade the traffic when it gets routed back into the origin container. However for this to work you need to enable hairpin mode on the bridge port, otherwise the kernel will just drop the traffic.
The hairpin mode set is part of libcontainer, while the MASQ change is part of docker.
This reverts commit 63c303eecdbaf4dc7967fd51b82cd447c778cecc.
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
Upstream-commit: 95a400e6e1a3b5da68431e64f9902a3fac218360
Component: engine
one linux, the optional field designates the sharedsubtree information,
if any.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 91b4ac320fd91a6b776713b3c35a51da96024b32
Component: engine
The argument specified the json data to save to disk when registering
a new image into the image graph. If it is nil, then the given image
is serialized to json and that is written by default. This default
behavior is sufficient if the given image was originally deserialzed
from this jsonData to begin with which has always been the case.
Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Upstream-commit: 26184de8ab1dfe812094c55c9becd8ebb60ed7be
Component: engine
The Hub no longer accepts short descriptions over 100 characters.
Signed-off-by: Andrew Page <admwiggin@gmail.com>
Upstream-commit: 693b9d335cc1fe688a7fffb62e5da97a5d5a3b13
Component: engine
E.g. "docker foobar run" would have printed "Command not found:
foobar" and printed the help text for "run". It should instead
print the root help message for docker.
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Upstream-commit: ef004ec03fe5aad33da7d53f196f16382c750d07
Component: engine
While working on the fix for #8330 I noticed a few things:
1 - the split() call for the .dockerignore process will generate a blank
"exclude". While this isn't causing an issue right now, I got worried
that in the future some code later on might interpret "" as something bad,
like "everything" or ".". So I added a check for an empty "exclude"
and skipped it
2 - if someone puts "foo" in their .dockerignore then we'll skip "foo".
However, if they put "./foo" then we won't due to the painfully
simplistic logic of go's filepath.Match algorithm. To help things
a little (and to treat ./Dockerfile just like Dockerfile) I added
code to filepath.Clean() each entry in .dockerignore. It should
result in the same semantic path but ensure that no matter how the
user expresses the path, we'll match it.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: c0f0f5c9887032c606750b645001829d9f14f47c
Component: engine
Change `The team can now use this image by run their own containers.` to `The team can now use this image by running their own containers.`
Upstream-commit: d22d32d61fc024d2c81e75f870d802f7a2cd28fd
Component: engine
Reuse WORKDIR wording to specify that the USER instructions affect the
following RUN, CMD, and ENTRYPOINT instructions.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: de9bf24750e0a9774a475eae74cbd2c241224e10
Component: engine
Since V2 registry does not yet implement mirrors, when mirrors are given automatically fallback to V1 without checking V2 first.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 9d6391a9ebca6c7bd4b262ebb5a4baf9d2c222f9
Component: engine
The note under the RUN header refers to the CMD instruction. It should refer to the RUN instruction instead.
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
Upstream-commit: b16f3736edf2427761cbc1c8fc5c4892299b2232
Component: engine
