If you run the tutorial step-by-step, following error occurs:
```$ sudo docker logs $container_id
Usage: docker logs CONTAINER
Fetch the logs of a container
-f, --follow=false: Follow log output```
This is obviously because bash variables are case-sensitive, so it mustn't be `CONTAINER_ID` above.
Docker-DCO-1.1-Signed-off-by: Mateusz Sulima <sulima.mateusz@email.com> (github: github_handle)
Upstream-commit: dca1c0073f42b0d75e914119eae863d6e6087cd6
Component: engine
This continues the effort to separate all registry logic from the
deprecated `Server` object.
* 'search' is exposed by `github.com/dotcloud/docker/registry/Service`
* Added proper documentation of Search while I was at it
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: c4089ad80bcc1466535696ac0b11d388df529391
Component: engine
This is the first step towards separating the registry subsystem from
the deprecated `Server` object.
* New service `github.com/dotcloud/docker/registry/Service`
* The service is installed by default in `builtins`
* The service only exposes `auth` for now...
* ...Soon to be followed by `pull`, `push` and `search`.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: 3d605683b3d272982399635a55ee81b2a7535e81
Component: engine
I've seen one other missing space that I addressed in another PR already.
I don't know whether that is a common occurrence in the docs.
About the second diff chunk, it looks like some copy-paste mistake to me.
Docker-DCO-1.1-Signed-off-by: Felix Rabe <felix@rabe.io> (github: felixrabe)
Upstream-commit: 015a2abafa92ecc61fe5828a285a1e6dcfa07693
Component: engine
This allows using `Engine.Register` and `Engine.RegisterCatchall` on the
same engine without the catchall hiding all other handlers.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Upstream-commit: de75af9fe2d91df7297e498d320b496addfb52f4
Component: engine
This is required to address a race condition described in #5553,
where a container can be partially deleted -- for example, the
root filesystem but not the init filesystem -- which makes
it impossible to delete the container without re-adding the
missing filesystems manually.
This behavior has been witnessed when rebooting boxes that
are configured to remove containers on shutdown in parallel
with stopping the Docker daemon.
Docker-DCO-1.1-Signed-off-by: Gabriel Monroy <gabriel@opdemand.com> (github: gabrtv)
Upstream-commit: 9f152aacf8427cbd20a70d52d633f8a6d624aff5
Component: engine
We don't have the flexibility to do extra things with lxc because it is
a black box and most fo the magic happens before we get a chance to
interact with it in dockerinit.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 59fe77bfa638001cbe9af386f350d6e0dbb23398
Component: engine
There is not need for the remount hack, we use aa_change_onexec so the
apparmor profile is not applied until we exec the users app.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: 76fa7d588adfe644824d9a00dafce2d2991a7013
Component: engine
- git mv archived/* .
- put the links back into the summary document
- reduce the header depth by 1 so the TOC lists each API version
- update the mkdocs.yaml to render the archived API docs, but not add
them to the menu/nav
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
Upstream-commit: de49e7c0a640aada97ace458a4e5d63f5f52d4eb
Component: engine
This also cleans up some of the left over restriction paths code from
before.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: f5139233b930e436707a65cc032aa2952edd6e4a
Component: engine
It has been pointed out that some files in /proc and /sys can be used
to break out of containers. However, if those filesystems are mounted
read-only, most of the known exploits are mitigated, since they rely
on writing some file in those filesystems.
This does not replace security modules (like SELinux or AppArmor), it
is just another layer of security. Likewise, it doesn't mean that the
other mitigations (shadowing parts of /proc or /sys with bind mounts)
are useless. Those measures are still useful. As such, the shadowing
of /proc/kcore is still enabled with both LXC and native drivers.
Special care has to be taken with /proc/1/attr, which still needs to
be mounted read-write in order to enable the AppArmor profile. It is
bind-mounted from a private read-write mount of procfs.
All that enforcement is done in dockerinit. The code doing the real
work is in libcontainer. The init function for the LXC driver calls
the function from libcontainer to avoid code duplication.
Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
Upstream-commit: 1c4202a6142d238d41f10deff1f0548f7591350b
Component: engine
