We need to have labels applied even if a container is running in privileged
mode. On an tightly locked down SELinux system, this will cause running
without labels will cause SELinux to block privileged mode containers.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: 3894773d6edf8127ddf5f811492a9b49673196e7
Component: engine
before:
```
$ time docker --help
real 0m0.177s
user 0m0.000s
sys 0m0.040s
```
after:
```
$ time docker --help
real 0m0.010s
user 0m0.000s
sys 0m0.000s
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 5c8950e84d2384919f45209f8cc4cbf00ff29015
Component: engine
the events API was rewritten in 723be0a3325799fd6b2a6b689af54f5a07edf992,
but the example response in the documentation doesn't reflect the actual output
this fixes the example response
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 3932d46a7878e3e75d8119f332b927fd2107cb32
Component: engine
This add a new filter to 'docker network ls'
to allow filtering by driver-name.
Contrary to "ID" and "name" filters, this
filter only supports an *exact* match.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 23e418b6c966a43a463a064053ce0c741b8e5159
Component: engine
When exec a non-exist command, it should print a newline at last.
Currently:
```
$ docker exec -ti f5f703ea2c0a144 bash
rpc error: code = 2 desc = "oci runtime error: exec failed: exec:
\"bash\": executable file not found in $PATH"$
```
Signed-off-by: Feng Yan <fy2462@gmail.com>
Upstream-commit: 8bf5613c1aca634e517e895e90e74f4263cf030f
Component: engine
TestBuildNotVerboseFailure use a non-exist image busybox1,
it requires network connection to access to Dockerhub, skip
this test if there is no network.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
Upstream-commit: 9ab0aa43365cd648d7681a58b60e91f791bc920a
Component: engine
Move all flags into cli/flags
Move usage help into cli/usage.go
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 33c9edaf6c5401fc1891713d1ad8d861e6cea51f
Component: engine
The runc compile currently fails on s390x:
Step 35 : RUN set -x && export GOPATH="$(mktemp -d)" && git clone
https://github.com/opencontainers/runc.git
"$GOPATH/src/github.com/opencontainers/runc" && cd
"$GOPATH/src/github.com/opencontainers/runc" && git checkout -q
"$RUNC_COMMIT" && make static BUILDTAGS="seccomp apparmor selinux" &&
cp runc /usr/local/bin/docker-runc
[snip]
# github.com/seccomp/libseccomp-golang
Godeps/_workspace/src/github.com/seccomp/libseccomp-golang/seccomp.go:25:22:
fatal error: seccomp.h: No such file or directory
// #include <seccomp.h>
The problem is that the installed libseccomp version in trusty is too old.
Fix this and install version 2.3.0 of libseccomp like it is done in the
x86 Dockerfile.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 97f45bd629fa3e5921c5a70f3e8087c1afbb07a6
Component: engine
For every docker load and save operations, it would log related
image events.
Signed-off-by: Kai Qiang Wu(Kennan) <wkqwu@cn.ibm.com>
Upstream-commit: 06561057103441fe176910e12674d998b8561b75
Component: engine
This adds support for Windows dockerd to run as a Windows service, managed
by the service control manager. The log is written to the Windows event
log (and can be viewed in the event viewer or in PowerShell). If there is
a Go panic, the stack is written to a file panic.log in the Docker root.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 57aef3b49025aac6bb084491478eb461b14b9109
Component: engine
