commit 4aa5da278f49c889d43191f82ff42d3a95266d62 moves `Console` from Command to
ProcessConfig, but missed the change in lxc_template. Therefore creating a
container with tty using lxc driver with fail with error
template: lxc:60:20: executing "lxc" at <.Console>: Console is not a field of
struct type struct { *execdriver.Command; AppArmor bool; ProcessLabel string; MountLabel string }
This changes lxc_console template to refers to `.ProcessConfig.Console`
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)
Upstream-commit: 4b3b54ca388cd49cd790def66fbce9af2be2f20f
Component: engine
Since these will be shared between containers we want to label
them as svirt_sandbox_file_t:s0. That will allow multiple containers
to write to them.
Currently we are allowing container domains to read/write all content in
/var/lib/docker because of container volumes. This is a big security hole
in our SELinux story.
This patch will allow us to tighten up the security of docker containers.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 73617e5e18159e5f791d2860c7857cd5dea31be4
Component: engine
These commands now all output the same thing:
- docker
- docker help
- docker --help
- docker -h
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Upstream-commit: f3ed7b601fa6151868416254e79a18751c5ff024
Component: engine
Sven Dowideit Update export, copy and build API to say 'TAR STREAM' for all versions.
Upstream-commit: 10e4ca760ca1d1145169dbff94e0c8414928b79c
Component: engine
It is a tar stream, you should mention that somehow.
Here is the proof:
```
host:~$ docker run -t -i ubuntu:14.04 bash
root@c39be4c7b7c8:/# echo "my file contents" > abc
root@c39be4c7b7c8:/# cat abc
my file contents
root@c39be4c7b7c8:/# exit
host:~$ curl -H "Content-Type: application/json" -d '{"Resource":"/abc"}' http://localhost:4500/containers/c39be4c7b7c8/copy
abc0100644000000000000000000000002112402102531007674 0ustar0000000000000000my file contents
host:~$ curl -H "Content-Type: application/json" -d '{"Resource":"/abc"}' http://localhost:4500/containers/c39be4c7b7c8/copy > response_content
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2067 100 2048 100 19 56968 528 --:--:-- --:--:-- --:--:-- 58514
host:~$ tar xvf response_content
abc
host:~$ cat abc
my file contents
```
Docker-DCO-1.1-Signed-off-by: Mustafa Akın <mustafa91@gmail.com> (github: SvenDowideit)
Upstream-commit: b9e889c30988f3babbc059a883d7f3096611ad60
Component: engine
If iptables version is < 1.4.11, try to delete the rule vs. checking if it exists. Fixes#6831.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jfrazelle@users.noreply.github.com> (github: jfrazelle)
Upstream-commit: f3a68ffa390fb851115c77783fa4031f1d3b2995
Component: engine
This commit makes tarsum buffer allocation dynamic. This change
is required to avoid allocating memory excessively after the archive
buffering changes.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 7ef34407509fa76e3ead12a20c8b731f434e1971
Component: engine
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: b5184d3c2417c743b3fec34312270d243e4d980c
Component: engine
Per registry.doRequest, res and client might be nil in case of error
For example, dns resolution errors, /etc/docker/certs.d perms, failed
loading of x509 cert ...
This will make res.StatusCode and res.Body SEGFAULT.
Signed-off-by: Arthur Gautier <baloo@gandi.net>
Upstream-commit: 3e6c69e5a1dbb428c4a62656f96cfe77c19986f9
Component: engine
