|
|
@@ -5,6 +5,76 @@ information on the list of deprecated flags and APIs please have a look at
|
|
|
https://docs.docker.com/engine/deprecated/ where target removal dates can also
|
|
|
be found.
|
|
|
|
|
|
+## 1.12.6 (2017-01-10)
|
|
|
+
|
|
|
+**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
|
|
|
+based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
|
|
|
+upgrading from an older version of docker, the upgrade process may not
|
|
|
+automatically install the updated version of the unit file, or fail to start
|
|
|
+the docker service if;
|
|
|
+
|
|
|
+- the systemd unit file (`/usr/lib/systemd/system/docker.service`) contains local changes, or
|
|
|
+- a systemd drop-in file is present, and contains `-H fd://` in the `ExecStart` directive
|
|
|
+
|
|
|
+Starting the docker service will produce an error:
|
|
|
+
|
|
|
+ Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
|
|
|
+
|
|
|
+or
|
|
|
+
|
|
|
+ no sockets found via socket activation: make sure the service was started by systemd.
|
|
|
+
|
|
|
+To resolve this:
|
|
|
+
|
|
|
+- Backup the current version of the unit file, and replace the file with the
|
|
|
+ [version that ships with docker 1.12](https://raw.githubusercontent.com/docker/docker/v1.12.0/contrib/init/systemd/docker.service.rpm)
|
|
|
+- Remove the `Requires=docker.socket` directive from the `/usr/lib/systemd/system/docker.service` file if present
|
|
|
+- Remove `-H fd://` from the `ExecStart` directive (both in the main unit file, and in any drop-in files present).
|
|
|
+
|
|
|
+After making those changes, run `sudo systemctl daemon-reload`, and `sudo
|
|
|
+systemctl restart docker` to reload changes and (re)start the docker daemon.
|
|
|
+
|
|
|
+**NOTE**: Docker 1.12.5 will correctly validate that either an IPv6 subnet is provided or
|
|
|
+that the IPAM driver can provide one when you specify the `--ipv6` option.
|
|
|
+
|
|
|
+If you are currently using the `--ipv6` option _without_ specifying the
|
|
|
+`--fixed-cidr-v6` option, the Docker daemon will refuse to start with the
|
|
|
+following message:
|
|
|
+
|
|
|
+```none
|
|
|
+Error starting daemon: Error initializing network controller: Error creating
|
|
|
+ default "bridge" network: failed to parse pool request
|
|
|
+ for address space "LocalDefault" pool " subpool ":
|
|
|
+ could not find an available, non-overlapping IPv6 address
|
|
|
+ pool among the defaults to assign to the network
|
|
|
+```
|
|
|
+
|
|
|
+To resolve this error, either remove the `--ipv6` flag (to preserve the same
|
|
|
+behavior as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the
|
|
|
+value of the `--fixed-cidr-v6` flag.
|
|
|
+
|
|
|
+In a similar way, if you specify the `--ipv6` flag when creating a network
|
|
|
+with the default IPAM driver, without providing an IPv6 `--subnet`, network
|
|
|
+creation will fail with the following message:
|
|
|
+
|
|
|
+```none
|
|
|
+Error response from daemon: failed to parse pool request for address space
|
|
|
+ "LocalDefault" pool "" subpool "": could not find an
|
|
|
+ available, non-overlapping IPv6 address pool among
|
|
|
+ the defaults to assign to the network
|
|
|
+```
|
|
|
+
|
|
|
+To resolve this, either remove the `--ipv6` flag (to preserve the same behavior
|
|
|
+as in Docker 1.12.3 and earlier), or provide an IPv6 subnet as the value of the
|
|
|
+`--subnet` flag.
|
|
|
+
|
|
|
+The network network creation will instead succeed if you use an external IPAM driver
|
|
|
+which supports automatic allocation of IPv6 subnets.
|
|
|
+
|
|
|
+### Runtime
|
|
|
+
|
|
|
+- Fix runC privilege escalation (CVE-2016-9962)
|
|
|
+
|
|
|
## 1.12.5 (2016-12-15)
|
|
|
|
|
|
**IMPORTANT**: Docker 1.12 ships with an updated systemd unit file for rpm
|
Kenfe-Mickael Laventure