This is kernel config available in RHEL7.4 based kernels that enables
mountpoint removal where the mountpoint exists in other namespaces.
In particular this is important for making this pattern work:
```
umount -l /some/path
rm -r /some/path
```
Where `/some/path` exists in another mount namespace.
Setting this value will prevent `device or resource busy` errors when
attempting to the removal of `/some/path` in the example.
This setting is the default, and non-configurable, on upstream kernels
since 3.15.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 83c2152de503012195bd26069fd8fbd2dea4b32f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Shukui Yang <yangshukui@huawei.com>
(cherry picked from commit 9f38923901352459bb621d0b3587a6517e67eeb3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When using a volume via the `Binds` API, a shared selinux label is
automatically set.
The `Mounts` API is not setting this, which makes volumes specified via
the mounts API useless when selinux is enabled.
This fix adopts the same selinux label for volumes on the mounts API as on
binds.
Note in the case of both the `Binds` API and the `Mounts` API, the
selinux label is only applied when the volume driver is the `local`
driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 5bbf5cc671ec8007bf8e0416799fff01d6a79b7e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 58b96aced87b33c4175fa5d3422289f763ab599d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without relabel these files, SELinux-enabled containers will show
"permission denied" errors for configuration files mounted with
`docker server create ... --config ... ...`.
Signed-off-by: Wenxuan Zhao <viz@linux.com>
(cherry picked from commit 472c03a8c364090afb88258b3dd9748183c29d05)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch adds aditional information about commands to the YAML files
that are generated for the reference documentation.
The following fields are added for each command:
Property | Type | Description
------------------|-----------|---------------------------------------------------------------------------------------
deprecated | Boolean | Indicates if the command is marked deprecated
min_api_version | String | The API version required to use this command (e.g. "1.23")
experimental | Boolean | Indicates if the command requires the daemon to run with experimental features enabled
For example (taken from the experimental `docker checkpoint create` command):
command: docker checkpoint create
short: Create a checkpoint from a running container
long: Create a checkpoint from a running container
usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT
pname: docker checkpoint
plink: docker_checkpoint.yaml
options:
- option: checkpoint-dir
value_type: string
description: Use a custom checkpoint storage directory
deprecated: false
experimental: false
- option: leave-running
value_type: bool
default_value: "false"
description: Leave the container running after checkpoint
deprecated: false
experimental: false
deprecated: false
min_api_version: "1.25"
experimental: true
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1f48e75c5c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch adds aditional information about command flags to the YAML files
that are generated for the reference documentation.
The following fields are added for each flag:
Property | Type | Description
------------------|-----------|---------------------------------------------------------------------------------------
value_type | String | The "type" of value to be passed to this flag (e.g., `uint64`, `list`)
deprecated | Boolean | Indicates if the flag is marked deprecated
min_api_version | String | The API version required to use this flag (e.g. "1.23")
experimental | Boolean | Indicates if the flag requires the daemon to run with experimental features enabled
For example (taken from the `docker image build` command):
- option: security-opt
value_type: stringSlice
default_value: '[]'
description: Security options
deprecated: false
experimental: false
- option: shm-size
value_type: bytes
default_value: "0"
description: Size of /dev/shm
deprecated: false
experimental: false
- option: squash
value_type: bool
default_value: "false"
description: Squash newly built layers into a single new layer
deprecated: false
min_api_version: "1.25"
experimental: true
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a8ba6f93d9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`docker stack deploy` keeps restarting services it doesn't need to (no changes)
because the entries' order gets randomized at some previous (de)serialization.
Maybe it would be worth looking into this at a higher level and ensure
all (de)serialization happens in an ordered collection.
This quick fix sorts secrets and configs (in place, mutably) which ensures the
same order for each run.
Based on
https://github.com/moby/moby/pull/30506
Fixes
https://github.com/moby/moby/issues/34746
Signed-off-by: Peter Nagy <xificurC@gmail.com>
(cherry picked from commit 27e8bdf32b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Splunk HEC does not accept log events with an empty string or a
whitespace-only string.
Signed-off-by: Florian Noeding <florian@noeding.com>
(cherry picked from commit 5f6d6a5093a4db799f9c1a6bb82eed1eea13ec0c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
(cherry picked from commit 313bc1e339fa4292d9ef5bc74acc82436eab7e1e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--enable-api-cors` flag was deprecated in f3dd2db4ff7de1399a49af928cd3eae4fccf8764,
and marked for removal in docker 17.09 through 85f92ef3590b386ea17e3948262725a2d3ce4db5.
This patch removes the deprecated flag.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7d4eab554379524c2421a7ecd3319d1d087d1de2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: John Howard <jhoward@microsoft.com>
(cherry picked from commit b291f5a31728f7ff6386bb37f15e7c0885d3b2a7)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Primarily to bring in fix for "Clear Architecture field in platform
constraint for arm architectures".
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
(cherry picked from commit ef027b6d72)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
