We should be assigning value to minFreeMetadata instead of minFreeData. This
is copy/paste error.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 4141a00921e3ae814736249ec1806d5d35c8d46c
Component: engine
The GCP logging driver is calling out to GCP cloud service on package
init.
This is regardless if you are using GCP logging or not.
This change makes this happen on the first invocation of a new GCP
logging driver instance instead.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 24710fd3e228398dc02c72ab3f0efe70d70c313e
Component: engine
-Temporary until we find the source of CI/v6 issue with driver
Signed-off-by: Brent Salisbury <brent@docker.com>
Upstream-commit: 6d43dc99e5e67210ca502ec2eca12ae1ee9c2600
Component: engine
Missing documentation and man pages on seccomp options.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: 450fa7536edc03fb5b071c0d04af534b2f8572ff
Component: engine
The issue of the flaky test is because when the second container
starts, the first container in the detached mode may have only
been created and not yet entering the running state. So the
port 8000 might be used by the second container first.
This fix added a check to make sure the first container is already
in running state, before the second container is invoked.
This fix fixes#21247.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1a9f5f4c69451c580595d67844f41937b3293069
Component: engine
This adds the following new syscalls that are supported in libseccomp 2.3.0,
including calls added up to kernel 4.5-rc4:
mlock2 - same as mlock but with a flag
copy_file_range - copy file contents, like splice but with reflink support.
The following are not added, and mentioned in docs:
userfaultfd - userspace page fault handling, mainly designed for process migration
The following are not added, only apply to less common architectures:
switch_endian
membarrier
breakpoint
set_tls
I plan to review the other architectures, some of which can now have seccomp
enabled in the build as they are now supported.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 96896f2d0bc16269778dd4f60a4920b49953ffed
Component: engine
It plumbs net/context.Context through entire API, see docker/engine-api#140
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 48339017dbb7a09827445d8c1a9db9ae6ecb8a4a
Component: engine
This fixes problems encountered when running with a remapped root (the
syscalls related to the metadata directory will fail under user
namespaces). Using 0711 rather than 0701 (which solved the problem
previously) fixes the issue.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: e91ca0e239f1e6c71a5a6c789ec8177806773355
Component: engine
- cherry-pick from 1.10.3 branch: 0186f4d4223a094a050d06f456355da3ae431468
- add token service test suite
- add integration test (missing in 1.10.3 branch)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 1b5c2e1d722757a55364fb45cf3fcec7f2c75fb4
Component: engine
This relies on changes to go-winio to support CloseWrite() when the pipe
is in message mode. This fixes an issue where stdin is not properly closed
when there is no more input to docker run.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 59573fb3c6e8e55278c973b9c799db6ed9c0f9c7
Component: engine
This revendor provides support for CloseWrite() in the npipe transport,
fixes a performance regression introduced in Go 1.6, and improves
npipe performance by allowing the pipe buffer size to be specified.
Signed-off-by: John Starks <jostarks@microsoft.com>
Upstream-commit: 87c2aad6f11c4993222dd29fb8c7c520b19ac8d9
Component: engine
Adjust "hack/make/.detect-daemon-osarch" to be the source of truth for "platform detection"
Upstream-commit: 133b3cccb50dadf2b8b10519e3c8d8b924a91b76
Component: engine
