Commit Graph

2664 Commits

Author SHA1 Message Date
Vincent Demeester 07745f2aef Merge pull request #18618 from dnephin/refactor_resolve_auth_config
Refactor ResolveAuthConfig to remove the builder dependency on cli code
Upstream-commit: 5e0283effa73223e5528c61beb4e05b5018c5d6b
Component: engine
2015-12-14 15:23:36 +01:00
Justas Brazauskas 3c4fcf6b7a Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
Upstream-commit: 927b334ebfc786276a039e45ec097e71bf9a104c
Component: engine
2015-12-13 18:04:12 +02:00
Sebastiaan van Stijn e8e575a14a Merge pull request #18270 from hqhq/hq_refactor_verify_config
Move verify container resources to a separate function
Upstream-commit: 51ffc088a55728b124045e297be216a83506a438
Component: engine
2015-12-12 12:47:19 +01:00
Antonio Murdaca 1d681e5873 Merge pull request #15365 from twistlock/14674-docker-authz
Docker authorization plug-in infrastructure
Upstream-commit: 1fffc0270ffb56d99a8440a10a0effdb3acd934d
Component: engine
2015-12-12 12:30:33 +01:00
Antonio Murdaca 9ef77e3f82 Merge pull request #18592 from hqhq/hq_fix_start
Add lock for container update
Upstream-commit: 241f6d71078916e987e131e3dd07beb0c5a1242e
Component: engine
2015-12-12 12:17:18 +01:00
Daniel Nephin 5ff0f9ef5e Refactor ResolveAuthConfig to remove the builder dependency on cli code.
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
Upstream-commit: 920ea13516c24d00931cac42b608b5827986ede7
Component: engine
2015-12-11 19:31:24 -08:00
Liron Levin f09e1890f6 Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
Upstream-commit: de4ffdfe488494c9c300a785ad4f2263c6182988
Component: engine
2015-12-11 20:59:15 +02:00
David Calavera 2cee7ddb46 Rename Daemon.Get to Daemon.GetContainer.
This is more aligned with `Daemon.GetImage` and less confusing.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: d7d512bb927023b76c3c01f54a3655ee7c341637
Component: engine
2015-12-11 12:39:28 -05:00
Marius Sturm 46aa4e0b30 dont trim gelf log message
Signed-off-by: Marius Sturm <marius@graylog.com>
Upstream-commit: a31435c8a2c4560b6e1a0e84450c45490fa587be
Component: engine
2015-12-11 10:28:24 +01:00
Qiang Huang 4f0c8269f1 Move verify container resources to a separate function
Make the code easy to view.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: c6bfb54ac19ec8d2822ab4dae6123e705a299d73
Component: engine
2015-12-11 10:59:29 +08:00
Qiang Huang 88d252998b Add lock for container update
Container needs to be locked when updating the fields, and
this PR also remove the redundant `parseSecurityOpt` since
it'll be done in `setHostConfig`.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 464eefd7957c3e0c7bcfb80bdc96ef8790687615
Component: engine
2015-12-11 10:33:13 +08:00
David Calavera 87797addd5 Merge pull request #18580 from tophj-ibm/fix-typo-blkio-invalid-device
Fix typo in named test and docs.
Upstream-commit: b89676beadce5a078dd8fc8b37ce00729e6e7232
Component: engine
2015-12-10 15:19:41 -08:00
Alexander Morozov 9847131043 Merge pull request #18353 from aaronlehmann/transfer-manager
Improved push and pull with upload manager and download manager
Upstream-commit: ac453a310bac6bdd7cd9d780a63d4168064570d1
Component: engine
2015-12-10 14:52:48 -08:00
Christopher Jones 1aaaffc214 Fixed typo change deivce to device.
This changes deivce to device in daemon, test and docs.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 7c077c2c3443fdb9b13b7790bc96cdaa287cf381
Component: engine
2015-12-10 15:23:05 -06:00
Vincent Demeester ff45cefcc9 Merge pull request #18555 from runcom/clean-devmapper
devmapper: remove unused var
Upstream-commit: 13155ac47ea27eceda2c59d42e05e4b6ab1f516a
Component: engine
2015-12-10 18:17:04 +01:00
Phil Estes db749df51c Merge pull request #18197 from nalind/workaround-go-libgcc
Work around a linking problem on 32-bit arches
Upstream-commit: 2ea48e9fc09ba83785355c5d073e9bfae81ea266
Component: engine
2015-12-10 11:50:03 -05:00
Antonio Murdaca cb952213f7 devmapper: remove unused var
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 037cbcec989f7867b6062455e8b042b8d2b0ab18
Component: engine
2015-12-10 08:28:02 +01:00
Brian Goff 72c8e6b470 Merge pull request #18550 from ibuildthecloud/panic
Don't dereference HostConfig.MemorySwapiness if nil
Upstream-commit: ff0e33824a09284084683d9e00f0f7bcc6950a76
Component: engine
2015-12-09 23:11:18 -05:00
Aaron Lehmann 547342d777 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 572ce802306a4e919802e5b77cbeca94acda7c0a
Component: engine
2015-12-09 19:13:35 -08:00
Daniel Nephin 1c526ceb5c Move networking api types to the api/types/networking package.
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
Upstream-commit: efda9618db07152ce6a94e0ac391ba58d1463fcd
Component: engine
2015-12-09 13:55:59 -08:00
Darren Shepherd 19d19aefcd Don't dereference HostConfig.MemorySwapiness if nil
Signed-off-by: Darren Shepherd <darren@rancher.com>
Upstream-commit: 5ac12c418f163a49ad3355506fc8ed632905dbd9
Component: engine
2015-12-09 14:47:51 -07:00
Qiang Huang 8a7da51391 Check minimum kernel memory limit to be 4M
Fixes: #18405

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 2347f98003af34dd1cfd290bf0f2cc7e6ae07b03
Component: engine
2015-12-09 14:26:41 +08:00
Phil Estes 6021acc699 Fix overlay and user namespace permissions
All underlay dirs need proper remapped ownership. This bug was masked by the
fact that the setupInitLayer code was chown'ing the dirs at startup
time. Since that bug is now fixed, it revealed this permissions issue.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 191cefbaca45ba86341379d09d2f75d5fc1868fb
Component: engine
2015-12-08 14:28:28 -05:00
Dima Stopel 1c96ff9a0b Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
Upstream-commit: 8cc0892269fb532f117aadc0e8acf7a173fe4e1b
Component: engine
2015-12-08 17:34:15 +02:00
Liron Levin 2491643ccf Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
Upstream-commit: 75c353f0ad73bd83ed18e92857dd99a103bb47e3
Component: engine
2015-12-08 17:34:15 +02:00
Sebastiaan van Stijn 3291c35ddf Merge pull request #18108 from phemmer/no-mtu-discovery
don't try to use default route MTU as container MTU
Upstream-commit: b36b4920399cc95e1b357f60aa738e84bd970f47
Component: engine
2015-12-08 00:26:29 +01:00
Patrick Hemmer f20b52f333 don't try to use default route MTU as bridge MTU
Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com>
Upstream-commit: fd9d7c02fcc8edd73d056f56f17e5cfe1760495b
Component: engine
2015-12-07 17:32:51 -05:00
Brian Goff d76bf17816 Merge pull request #18442 from MHBauer/move-configs
move configs structs to remove dependency on deamon
Upstream-commit: 41ae615aa13508b8f8958dc1c338fce5bccb8e6b
Component: engine
2015-12-07 13:38:43 -05:00
Morgan Bauer b12523fdf4 move configs structs to remove dependency on daemon
- Moved the following config structs to api/types
   - ContainerRmConfig
   - ContainerCommitConfig

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: 63fb931a0b7298c6281898bcc5f53ab0655ad1a6
Component: engine
2015-12-07 09:03:25 -08:00
Phil Estes ecc37f59d7 Merge pull request #18451 from WeiZhang555/net-err
Better error message for network connect
Upstream-commit: 7d6a2e3cf5d172c21c831c3466e30d693e12e6fd
Component: engine
2015-12-07 09:17:48 -05:00
Tibor Vass 1af1c81aab Merge pull request #18123 from aidanhs/aphs-fail-on-broken-tar
Ensure adding a broken tar doesn't silently fail
Upstream-commit: 1f8efc687cdf8ba98a7332cf9d4401afb8108be6
Component: engine
2015-12-07 14:38:21 +01:00
Tibor Vass dce7992408 Merge pull request #18329 from liusdu/mount_err
Fix rm container error in aufs and devicemapper after daemon crash
Upstream-commit: ba77a5b46fb86f6765fdab8a85f82266e1032efe
Component: engine
2015-12-07 12:47:52 +01:00
Zhang Wei e5e9f03639 Better error message for network connect
Use better error message when user want to connect container with same
name to one network, this can help avoid confusion.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 8edb941b796cbdd2c9f3809a3290fcd4d8ae76ea
Component: engine
2015-12-07 17:39:13 +08:00
Jess Frazelle ab6c9709f6 Merge pull request #17989 from jfrazelle/initial-seccomp-support
Phase 1: Initial seccomp support
Upstream-commit: 87a614ed55f2a9076d8150f846b0d27fe60095a8
Component: engine
2015-12-05 08:33:58 -08:00
Jess Frazelle fee5b92987 Merge pull request #18436 from estesp/fix-initlayer-perms
Fix init layer chown of existing dir ownership
Upstream-commit: a56f258c8af4524f00750fbaa92d7b1f85981cef
Component: engine
2015-12-04 11:53:09 -08:00
Phil Estes d7dafeedd3 Merge pull request #18398 from calavera/system_backend
Move docker system information to a dedicated router and backend.
Upstream-commit: 51b0f23127f115ce24b45dac2d565db58d25458e
Component: engine
2015-12-04 12:56:57 -05:00
Phil Estes 37ebaba7a1 Fix init layer chown of existing dir ownership
This solves a bug where /etc may have pre-existing permissions from
build time, but init layer setup (reworked for user namespaces) was
assuming root ownership.  Adds a test as well to catch this situation in
the future.

Minor fix to wrong ordering of chown/close on files created during the
same initlayer setup.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 23b771782ab7236ce5024ac5773a6ded9a2af753
Component: engine
2015-12-04 12:18:05 -05:00
Ma Shimiao 7be0f9667b Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Upstream-commit: 3f15a055e5c50d0f08d4c3e7cd9618d537b84f29
Component: engine
2015-12-04 09:26:03 +08:00
Jessica Frazelle 4f88ba8722 inital seccomp support
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Upstream-commit: 6707f4b9b638b367a1dde6f8684a5b9817a882f0
Component: engine
2015-12-03 16:30:44 -08:00
Michael Crosby 5fc75a60ac Merge pull request #18347 from tiborvass/container_package
Move Container to its own package (carry of 17969)
Upstream-commit: 168b490062aed36bf95426d9d66dcf5703842016
Component: engine
2015-12-03 14:10:16 -08:00
Tibor Vass 44348463e0 Move DisconnectFromNetwork back to daemon/
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 5bb4d0d9ea6a6c85a3f9a4a147fd7db0101eb725
Component: engine
2015-12-03 20:10:27 +01:00
David Calavera 13f897ae0e Move docker system information to a dedicated router and backend.
Because I like the name `system` better than `local` :)

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 867f432985d6b4a46c2f66225d70a4ffdb28d8a3
Component: engine
2015-12-03 13:38:56 -05:00
Phil Estes a103145fec Merge pull request #18391 from runcom/remove-daemon-config-func
daemon: remove private func config()
Upstream-commit: d9755df2b3b224a7c9895279fde17e9d4f826c10
Component: engine
2015-12-03 11:42:31 -05:00
David Calavera d010c48ce4 Move Container to its own package.
So other packages don't need to import the daemon package when they
want to use this struct.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 6bb0d1816acd8d4f7a542a6aac047da2b874f476
Component: engine
2015-12-03 17:39:49 +01:00
Tibor Vass 0082efd193 Merge pull request #18266 from calavera/events_pub_sub
Event PubSub topics + linear filtering.
Upstream-commit: 33ab2bb52c130380e038013d68fdd8ad3c663360
Component: engine
2015-12-03 17:11:40 +01:00
Liu Hua 8c2653fb9a fix Put without Get in aufs
this Patch is ported from 3916561619d45a3d8ca17dfa467149824111023a

Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Upstream-commit: 451f7517733087a8629fe20894b6c10a63bb155e
Component: engine
2015-12-03 22:22:25 +08:00
Liu Hua 5e25f840c3 Fix Put without Get in devicemapper
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
Upstream-commit: f7bdb973578a08a5012c741e4ebb262d2dd81165
Component: engine
2015-12-03 22:22:25 +08:00
Antonio Murdaca 0eb3ab8587 daemon: remove private func config()
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 3662f58083fbef56caf0eb4b2bab7d2a2a2672d5
Component: engine
2015-12-03 11:46:53 +01:00
David Calavera d555e15f77 Add PubSub topics.
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.

Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.

Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.

Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.

Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 434d2e8745696255a204d9eefc6a2854ff74e5c2
Component: engine
2015-12-02 16:43:49 -05:00
David Calavera b43875ed4c Merge pull request #18369 from LK4D4/misleading_rm
daemon/delete.go: use less confusing naming of functions
Upstream-commit: f8364c013db9fe8483f2c44a513eaea473f54ebe
Component: engine
2015-12-02 11:57:18 -08:00