Add golint to the Dockerfile, and a `validate-lint` task to the
Makefile. Currently, the linter will process a harcoded list of packages
that will expand as we fix more warnings. Eventually, the linter should
process all subpackages of the repo (excluding vendored code).
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 6cce8d18384a5ae1212e7b0f7b7ac9662a89c8c1
Component: engine
After merging mounting cgroups in container this tests doing wrong
checks. Cgroup paths could be prepended by other cgroups from host.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 844fc5f77c9443b4605949219a8a3c8523249025
Component: engine
Also addded a couple more tests
Updates #14756
Signed-off-by: Dave Tucker <dt@docker.com>
Upstream-commit: c5667bc5690d6004db4e515cef1865e093da7e3b
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
Fixes an issue with curly braces being escaped when they should not be.
This was particularly an issue in places where `--format '{{ ... }}'`
is used in the man docs.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: dd7d4d1101102eb1d958bb948369a25ec08ab01d
Component: engine
There are several bug reports on this error happening, and error is
not helpful unless you read the code. Google brings up removing
the repositories.btrfs file.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 96a4469835c68e0b9c448344777fbff077b514ea
Component: engine
* api/client/ps.go: Refactor CmdPs to use a fields list of
characters to determine which columns to print on `docker ps`
invocation.
This adds an ability for the docker command to print the columns of
output in arbitrary order.
Signed-off-by: Jeff Mickey <j@codemac.net>
Docker-DCO-1.1-Signed-off-by: Jeff Mickey <j@codemac.net>
Upstream-commit: de0e883331c85cc7617184900369e1ec9f723b6c
Component: engine
- fully capitalize HTTP in HTTPHeaders
- comment for CONFIGFILE
- camelcase and privatize oldConfigfile, defaultIndexserver
- remove unused var errConfigFileMissing
- comments for methods and functions throughout
- external references to renamed variables changed
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: dea49b7474f0efcefe4618b6133330f0bb5e2c84
Component: engine
This solves several problems that arise from the special treatment of
"=" in Bash.
The fix was required as some log drivers have options in a key=value
form. It also addresses the --option=value and the negated boolean syntax
(--boolean=false).
Note that this is not a general fix for these problems, it is limited to
the __docker_pos_first_nonflag function.
Signed-off-by: Harald Albers <github@albersweb.de>
Upstream-commit: 38acec94c49e6730ae6bdef86b85f529c1dddda6
Component: engine
