From cda69884782e8f0825518f8ea4376fdab4077bef Mon Sep 17 00:00:00 2001 From: gunadhya <6939749+gunadhya@users.noreply.github.com> Date: Tue, 5 Jan 2021 16:56:29 +0530 Subject: [PATCH 1/9] Fix Error in daemon_unix.go and docker_cli_run_unit_test.go Signed-off-by: gunadhya <6939749+gunadhya@users.noreply.github.com> (cherry picked from commit 64465f3b5fbde37ee165893248d80b24e51102aa) Signed-off-by: Sebastiaan van Stijn
---
 daemon/daemon_unix.go | 2 +-
 integration-cli/docker_cli_run_unix_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index b477275228..8754d4f972 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -461,7 +461,7 @@ func verifyPlatformContainerResources(resources *containertypes.Resources, sysIn
 resources.MemoryReservation = 0
 }
 if resources.MemoryReservation > 0 && resources.MemoryReservation < linuxMinMemory {
- return warnings, fmt.Errorf("Minimum memory reservation allowed is 4MB")
+ return warnings, fmt.Errorf("Minimum memory reservation allowed is 6MB")
 }
 if resources.Memory > 0 && resources.MemoryReservation > 0 && resources.Memory < resources.MemoryReservation {
 return warnings, fmt.Errorf("Minimum memory limit can not be less than memory reservation limit, see usage")
diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go
index 44de2617d9..e6a6406e15 100644
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
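Review bot: The corrected message in daemon/daemon_unix.go still hard-codes the limit as text ("6MB") while the comparison on the line above it uses `linuxMinMemory`, so the two can drift apart again the next time the constant changes, which is the mismatch this patch is repairing. Assuming `linuxMinMemory` is a byte count (it is defined outside the hunk), the message could be derived from it: `return warnings, fmt.Errorf("Minimum memory reservation allowed is %dMB", linuxMinMemory/(1024*1024))`. The integration test in docker_cli_run_unix_test.go matches on the literal text, so its expected string would stay as the independent check. verifyPlatformContainerResources begins and ends outside the hunk.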
@@ -697,7 +697,7 @@ func (s *DockerSuite) TestRunWithMemoryReservationInvalid(c *testing.T) {
 assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation")
 out, _, err = dockerCmdWithError("run", "--memory-reservation", "1k", "busybox", "true")
 assert.ErrorContains(c, err, "")
- expected = "Minimum memory reservation allowed is 4MB"
+ expected = "Minimum memory reservation allowed is 6MB"
 assert.Assert(c, strings.Contains(strings.TrimSpace(out), expected), "run container should fail with invalid memory reservation")
 }
From 491642e69692769c8715ca8d86bf2aa68852fb90 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Jan 2021 12:28:21 -0800 Subject: [PATCH 2/9] contrib/check-config.sh: support for cgroupv2 Before: > Generally Necessary: > - cgroup hierarchy: nonexistent?? > (see https://github.com/tianon/cgroupfs-mount) After: > Generally Necessary: > - cgroup hierarchy: cgroupv2 Signed-off-by: Kir Kolyshkin (cherry picked from commit 76b59065ae99dca155bd95e97783f14e4b8cc272) Signed-off-by: Sebastiaan van Stijn
---
 contrib/check-config.sh | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 3d82118c9b..3ada8ca9ce 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -155,18 +155,22 @@ echo echo 'Generally Necessary:' echo -n '- ' -cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" -cgroupDir="$(dirname "$cgroupSubsystemDir")" -if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then - echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" +if [ "$(stat -f -c %t /sys/fs/cgroup 2> /dev/null)" = '63677270' ]; then + echo "$(wrap_good 'cgroup hierarchy' 'cgroupv2')" else - if [ "$cgroupSubsystemDir" ]; then - echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" + cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)" + cgroupDir="$(dirname "$cgroupSubsystemDir")" + if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then + echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" else - wrap_bad 'cgroup hierarchy' 'nonexistent??' + if [ "$cgroupSubsystemDir" ]; then + echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" + else + wrap_bad 'cgroup hierarchy' 'nonexistent??' + fi + EXITCODE=1 + echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" fi - EXITCODE=1 - echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" fi if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then From 6bc47ca4b4825a8a26d02e38225d74b96660d7b6 Mon Sep 17 00:00:00 2001 
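Review bot: The literal `'63677270'` compared against `stat -f -c %t /sys/fs/cgroup` in the new cgroupv2 test is unexplained; a comment above the `if` such as `# 63677270 is the hex statfs type of a cgroup2 mount (CGROUP2_SUPER_MAGIC)` would tell the next reader what is being detected. The test recognises only a unified hierarchy mounted at exactly /sys/fs/cgroup, and it relies on a `stat` that supports `-f -c`. When either does not hold, the error is discarded by `2> /dev/null` and the script silently falls through to the cgroup v1 probing. That is presumably intended, and the same comment is the place to say so.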
From: Kir Kolyshkin Date: Mon, 11 Jan 2021 12:38:33 -0800 Subject: [PATCH 3/9] contrib/check-config.sh: fix NF_NAT_IPV4 CONFIG_NF_NAT_IPV4 was removed in kernel commit 3bf195ae6037e310, which made its way into v5.1-rc1. The functionality is now under NF_NAT which we already check for. Make the check for NF_NAT_IPV4 conditional. Signed-off-by: Kir Kolyshkin (cherry picked from commit eeb53c1f228ddaf1c4771282b6b07524e40bbacb) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 3ada8ca9ce..3d23b51541 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -196,7 +196,7 @@ flags=( CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG KEYS VETH BRIDGE BRIDGE_NETFILTER - NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE + IP_NF_FILTER IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS} IP_NF_NAT NF_NAT NF_NAT_NEEDED @@ -208,6 +208,10 @@ if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt check_flags DEVPTS_MULTIPLE_INSTANCES fi +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then + check_flags NF_NAT_IPV4 +fi + echo echo 'Optional Features:' From db47bec3c7c36d71c37ea12cdea9b52bdeb71554 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Jan 2021 12:40:53 -0800 Subject: [PATCH 4/9] contrib/check-config.sh: fix NF_NAT_NEEDED CONFIG_NF_NAT_NEEDED was removed in kernel commit 4806e975729f99c7, which made its way into v5.2-rc1. The functionality is now under NF_NAT which we already check for. Make the check for NF_NAT_NEEDED conditional. Signed-off-by: Kir Kolyshkin (cherry picked from commit 03da41152af41b2ac94d86021b5369fc13bf9d34) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
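Review bot: The added guard `[ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]` still runs `check_flags NF_NAT_IPV4` on 5.1 kernels, although the commit message says the option was removed in v5.1-rc1, so a 5.1 host would be reported as missing a flag it cannot have; `-lt 1` matches the stated removal point. The same boundary is used by the later patches in this series for NF_NAT_NEEDED (`-le 2`, removed in v5.2-rc1), MEMCG_SWAP_ENABLED (`-le 8`, v5.8-rc1) and INET_XFRM_MODE_TRANSPORT (`-le 3`, v5.3-rc1). The `-a` operator inside `[ ]` is also marked obsolescent by POSIX, and the DEVPTS_MULTIPLE_INSTANCES check just above already uses separate tests joined with `&&`. The guard could follow it: `if [ "$kernelMajor" -lt 5 ] || { [ "$kernelMajor" -eq 5 ] && [ "$kernelMinor" -lt 1 ]; }; then`.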
diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 3d23b51541..17d9c2f299 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -198,7 +198,7 @@ flags=( VETH BRIDGE BRIDGE_NETFILTER IP_NF_FILTER IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK,IPVS} - IP_NF_NAT NF_NAT NF_NAT_NEEDED + IP_NF_NAT NF_NAT # required for bind-mounting /dev/mqueue into containers POSIX_MQUEUE @@ -212,6 +212,10 @@ if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; check_flags NF_NAT_IPV4 fi +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then + check_flags NF_NAT_NEEDED +fi + echo echo 'Optional Features:' From bb0866f04e0b40f3a1e3883f3c2bcc8385fe951f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Jan 2021 13:25:16 -0800 Subject: [PATCH 5/9] contrib/check-config.sh: fix MEMCG_SWAP_ENABLED Kernel commit 2d1c498072de69e (which made its way into kernel v5.8-rc1) removed CONFIG_MEMCG_SWAP_ENABLED Kconfig option, making swap accounting always enabled (unless swapaccount=0 boot option is provided). Make the check conditional. Signed-off-by: Kir Kolyshkin (cherry picked from commit 070f9d9dd35e854f4a30563183987a6ec3276847) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 17d9c2f299..a667c9669b 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh 
@@ -230,13 +230,21 @@ echo 'Optional Features:' check_flags CGROUP_PIDS } { - CODE=${EXITCODE} - check_flags MEMCG_SWAP MEMCG_SWAP_ENABLED - if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then + check_flags MEMCG_SWAP + # Kernel v5.8+ removes MEMCG_SWAP_ENABLED. + if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then + CODE=${EXITCODE} + check_flags MEMCG_SWAP_ENABLED + # FIXME this check is cgroupv1-specific + if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then + echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" + EXITCODE=${CODE} + elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then + echo " $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)" + fi + else + # Kernel v5.8+ enables swap accounting by default. echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" - EXITCODE=${CODE} - elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then - echo " $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)" fi } { From 8412078b1eaa7abef5b35445ca233cd8928d4350 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Jan 2021 13:31:19 -0800 Subject: [PATCH 6/9] contrib/check-config.sh: fix IOSCHED_CFQ CFQ_GROUP_IOSCHED These config options are removed by kernel commit f382fb0bcef4, which made its way into kernel v5.0-rc1. Make the check conditional. Signed-off-by: Kir Kolyshkin (cherry picked from commit 18e054358758552828f1ba3ae5859a77e8b2609c) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/check-config.sh b/contrib/check-config.sh index a667c9669b..4378bf4155 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh 
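Review bot: The new `else` branch prints '(cgroup swap accounting is currently enabled)' without checking anything, yet the commit message itself notes that accounting can be turned off with the `swapaccount=0` boot option, and MEMCG_SWAP may not be set at all. Wording it as a default, `echo " $(wrap_color '(cgroup swap accounting is enabled by default)' bold black)"`, and printing it only when `is_set MEMCG_SWAP` holds would keep the report accurate. `CODE=${EXITCODE}` is now captured after `check_flags MEMCG_SWAP` rather than before it. Assuming check_flags sets EXITCODE for a missing flag, as the save and restore implies, a missing MEMCG_SWAP is no longer forgiven when memory.memsw.limit_in_bytes exists. If that is intended, a one-line comment next to the assignment should say so. The enclosing `{ ... }` group starts outside the hunk.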
@@ -283,8 +283,12 @@ else netprio=CGROUP_NET_PRIO fi +if [ "$kernelMajor" -lt 5 ]; then + check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED +fi + flags=( - BLK_CGROUP BLK_DEV_THROTTLING IOSCHED_CFQ CFQ_GROUP_IOSCHED + BLK_CGROUP BLK_DEV_THROTTLING CGROUP_PERF CGROUP_HUGETLB NET_CLS_CGROUP $netprio From 420de4c569817aef00a1eaa3daddf65df50ae630 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Mon, 11 Jan 2021 13:39:06 -0800 Subject: [PATCH 7/9] contrib/check-config.sh: fix INET_XFRM_MODE_TRANSPORT This parameter was removed by kernel commit 4c145dce260137, which made its way to kernel v5.3-rc1. Since that commit, the functionality is built-in (i.e. it is available as long as CONFIG_XFRM is on). Make the check conditional. Signed-off-by: Kir Kolyshkin (cherry picked from commit 06d9020fac6c0165fc82dffba3bb597f209f5bb7) Signed-off-by: Sebastiaan van Stijn --- contrib/check-config.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/check-config.sh b/contrib/check-config.sh index 4378bf4155..849dc32d22 100755 --- a/contrib/check-config.sh +++ b/contrib/check-config.sh @@ -323,7 +323,10 @@ echo " - \"$(wrap_color 'overlay' blue)\":" check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/ /' echo ' Optional (for encrypted networks):' check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \ - XFRM XFRM_USER XFRM_ALGO INET_ESP INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' + XFRM XFRM_USER XFRM_ALGO INET_ESP | sed 's/^/ /' +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then + check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' +fi echo " - \"$(wrap_color 'ipvlan' blue)\":" check_flags IPVLAN | sed 's/^/ /' echo " - \"$(wrap_color 'macvlan' blue)\":" From b7e6803ec4999918ace79261750f6556e30d7a88 Mon Sep 17 00:00:00 2001 
From: "Frederico F. de Oliveira" Date: Sat, 23 Jan 2021 03:35:49 +0000 Subject: [PATCH 8/9] swagger.yaml: Remove extra 'the' wrapped by newline This PR was originally proposed by @phillc here: https://github.com/docker/engine/pull/456 Signed-off-by: FreddieOliveira (cherry picked from commit 2db5676c6e827ce311a87224cf5f2e3ae8b68afd) Signed-off-by: Sebastiaan van Stijn --- api/swagger.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/swagger.yaml b/api/swagger.yaml index 9f1019681a..b6a6e83dfb 100644 --- a/api/swagger.yaml +++ b/api/swagger.yaml @@ -7310,7 +7310,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) From c00fb1383fac3b2f28afedc74157bd5c30f78c11 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 27 Jan 2021 12:24:47 +0100 Subject: [PATCH 9/9] docs: fix double "the" in existing API versions Backport of 2db5676c6e827ce311a87224cf5f2e3ae8b68afd to the swagger files used in the documentation Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 240d0b37bbb25f47f7443a47c15029465c2338e4) Signed-off-by: Sebastiaan van Stijn --- docs/api/v1.37.yaml | 2 +- docs/api/v1.38.yaml | 2 +- docs/api/v1.39.yaml | 2 +- docs/api/v1.40.yaml | 2 +- docs/api/v1.41.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/api/v1.37.yaml b/docs/api/v1.37.yaml index a4de19d8f5..d21cc0d66d 100644 --- a/docs/api/v1.37.yaml +++ b/docs/api/v1.37.yaml 
@@ -6196,7 +6196,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) diff --git a/docs/api/v1.38.yaml b/docs/api/v1.38.yaml index b29439feac..1bfa24d4b7 100644 --- a/docs/api/v1.38.yaml +++ b/docs/api/v1.38.yaml @@ -6257,7 +6257,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) diff --git a/docs/api/v1.39.yaml b/docs/api/v1.39.yaml index ee017ea7a5..59a97c3723 100644 --- a/docs/api/v1.39.yaml +++ b/docs/api/v1.39.yaml @@ -7004,7 +7004,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) diff --git a/docs/api/v1.40.yaml b/docs/api/v1.40.yaml index 56a3e824d1..30358a63af 100644 --- a/docs/api/v1.40.yaml +++ b/docs/api/v1.40.yaml 
@@ -7142,7 +7142,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg) diff --git a/docs/api/v1.41.yaml b/docs/api/v1.41.yaml index 9f1019681a..b6a6e83dfb 100644 --- a/docs/api/v1.41.yaml +++ b/docs/api/v1.41.yaml @@ -7310,7 +7310,7 @@ paths: For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the - the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. + query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded. [Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)