0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
46601 commits 14 branches 412 tags 338 MiB
Commit graph

345 commits

Author SHA1 Message Date
Tianon Gravi
3e955cd531
Merge pull request #41634 from AkihiroSuda/rootlesskit-0.11.0 
bump up rootlesskit to v0.11.0
 2020-11-05 19:12:53 +00:00
Akihiro Suda
c6accc67f2
bump up rootlesskit to v0.11.0 
Important fix: Lock state dir for preventing automatic clean-up by systemd-tmpfiles
(https://github.com/rootless-containers/rootlesskit/pull/188)

Full changes:https://github.com/rootless-containers/rootlesskit/compare/v0.10.0...v0.11.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-11-05 16:49:32 +09:00
Arko Dasgupta
1623e6b222 Vendor in Libnetwork changes 
Bring in changes from https://github.com/moby/libnetwork/pull/2572 to moby

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
 2020-10-29 14:32:04 -07:00
Sebastiaan van Stijn
a6129c57e6
Bump vndr v0.1.2 
full diff: https://github.com/lk4d4/vndr/compare/v0.1.1...v0.1.2

- cleanVCS: prevent panic
- Consider '.syso' as a Go file for vendoring

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-16 17:53:56 +02:00
Sebastiaan van Stijn
5338478546
Dockerfile: fix golang-ci-lint installer 
We were using "go get", whith would try to fetch some dependencies
that are not in the version we're installing,

    go get -d github.com/golangci/golangci-lint/cmd/golangci-lint

Causing the build to fail;

    package 4d63.com/gochecknoglobals/checknoglobals: unrecognized import path "4d63.com/gochecknoglobals/checknoglobals" (parse https://4d63.com/gochecknoglobals/checknoglobals?go-get=1: no go-import meta tags ())

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-10-16 13:39:22 +02:00
Sebastiaan van Stijn
9fb324f00b
vendor: docker/libnetwork d0951081b35fa4216fc4f0064bf065beeb55a74b 
full diff: 9e99af28df...d0951081b3

- docker/libnetwork#2560 types: remove some dead code
- docker/libnetwork#2562 client/mflag: remove use of docker/docker/pkg/homedir
- docker/libnetwork#2576 Skip redundant kernel version checks
- docker/libnetwork#2583 vendor: update docker to 7ca355652f and reduce dependency graph

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-09-18 01:08:20 +02:00
Brian Goff
3956a86b62
Merge pull request #41450 from thaJeztah/containerd_1.4.1 
update containerd vendor and binary to v1.4.1
 2020-09-17 08:01:44 -07:00
Olli Janatuinen
82b5ff8026 Windows CI: Make sure that CI fails on any error 
- If unit tests fails
- If intergration tests fails

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
 2020-09-17 08:59:49 +03:00
Sebastiaan van Stijn
1371a629d5
update containerd binary to v1.4.1 
full diff: https://github.com/containerd/containerd/compare/v1.4.0...v1.4.1

Welcome to the v1.4.1 release of containerd!

The first patch release for `containerd` 1.4 includes a fix for v1 shims hanging
on exit and exec when the log pipe fills up along with other minor changes.

Notable Updates:

* Always consume shim logs to prevent logs in the shim from blocking
* Fix error deleting v2 bundle directory when removing rootfs returns `ErrNotExist`
* Fix metrics monitoring of v2 runtime tasks
* Fix incorrect stat for Windows containers
* Fix devmapper device deletion on rollback
* Update seccomp default profile

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-09-16 12:33:45 +02:00
Akihiro Suda
15292d7abf
update containerd binary to v1.4.0 
release note: https://github.com/containerd/containerd/releases/tag/v1.4.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-08-19 23:01:28 +09:00
Sebastiaan van Stijn
31d83961e9
Update tini v0.19.0 
full diff: https://github.com/krallin/tini/compare/v0.18.0...v0.19.0

Release notes:

- mipsel build
- include checksums in releases
- ppc64le alias for the ppc64el build

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-08-11 11:26:28 +02:00
Jintao Zhang
2c7b48decd Update runc binary to v1.0.0-rc92 
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2020-08-06 13:37:18 +08:00
Akihiro Suda
43d13054c5
update containerd to v1.3.7 
Release note: https://github.com/containerd/containerd/releases/tag/v1.3.7

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-08-04 14:47:57 +09:00
Akihiro Suda
5bc41368d9
bump up rootlesskit to v0.10.0 
Fix port forwarder resource leak (https://github.com/rootless-containers/rootlesskit/issues/153).

Changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.5...v0.10.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-07-28 16:33:30 +09:00
Sebastiaan van Stijn
219e7e7ddc
vendor: libnetwork 9e99af28df21367340c95a3863e31808d689c92a 
full diff: 2e24aed516...9e99af28df

- docker/libnetwork#2548 Add docker interfaces to firewalld docker zone
    - fixes docker/for-linux#957 DNS Not Resolving under Network [CentOS8]
    - fixes docker/libnetwork#2496 Port Forwarding does not work on RHEL 8 with Firewalld running with FirewallBackend=nftables
- store.getNetworksFromStore() remove unused error return
- docker/libnetwork#2554 Fix 'failed to get network during CreateEndpoint'
    - fixes/addresses docker/for-linux#888 failed to get network during CreateEndpoint
- docker/libnetwork#2558 [master] bridge: disable IPv6 router advertisements
- docker/libnetwork#2563 log error instead if disabling IPv6 router advertisement failed
    - fixes docker/for-linux#1033 Shouldn't be fatal: Unable to disable IPv6 router advertisement: open /proc/sys/net/ipv6/conf/docker0/accept_ra: read-only file system

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-07-08 16:12:22 +02:00
Akihiro Suda
91ca3e7a8d
update runc binary to v1.0.0-rc91 
release note: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91

vendored library isn't updated in this commit (waiting for containerd to vendor runc rc91)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-07-02 20:10:11 +09:00
Jintao Zhang
85e3dddccd update containerd to v1.3.6 
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2020-07-02 00:12:56 +08:00
Brian Goff
a70842f9c8
Merge pull request #41151 from thaJeztah/fix_gotestsum_install_again 2020-06-29 09:38:42 -07:00
Jintao Zhang
0e915e5413 update containerd to v1.3.5 
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2020-06-27 11:09:38 +08:00
Sebastiaan van Stijn
a9d22cad93
hack/install: build gotestsum without -buildmode=pie 
No need for this binary as it's only used in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-06-26 16:57:09 +02:00
Sebastiaan van Stijn
441aff3a17
fix gotestsum.installer installing wrong version 
When using go modules, `go build` will always fetch the latest
version of the package, so ignores the version we previously `go get`'d.

Instead of running `go get` and `go build` separately, this patch uses
`go get` (without the `-d` option) to do it all in one step.

Given that this binary is only used for testing, and only used inside the
Dockerfile, we should consider inlining this step in the Dockerfile itself,
but keeping that separate for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-06-26 16:56:15 +02:00
Tibor Vass
83199187ef vendor libnetwork to 2e24aed516bd5c836e11378bb457dd612aa868ed 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2020-05-28 03:28:51 +00:00
Xiaodong Liu
0c350e87a0 ldmode=pie is not supported for the mips arch 
reference:
https://github.com/docker/cli/pull/2507
4c99c81326

Signed-off-by: Xiaodong Liu <liuxiaodong@loongson.cn>
 2020-05-21 09:23:00 +08:00
Tianon Gravi
e573542078
Merge pull request #40892 from thaJeztah/cleanup_containerd_installer 
containerd.installer: refactor
 2020-05-19 12:21:58 -07:00
Sebastiaan van Stijn
1d9da1b233
Fix bug in gotestsum installer causing dependencies to not be downloaded 
Building gotestsum started to fail after the repository removed some
dependencies on master.

What happens is that first, we `go get` the package (with go modules disabled);

    GO111MODULE=off go get -d gotest.tools/gotestsum

Which gets the latest version from master, and fetches the dependencies used
on master. Then we checkout the version we want to install (for example `v0.3.5`)
and run go build.

However, `v0.3.5` depends on logrus, and given that we ran `go get` for `master`,
that dependency was not fetched, and build fails.

This patch modifies the installer to use go modules (alternatively we could
probably run `go get .` after checking out the `v0.3.5` version),

We need to modify all installers, as it looks like this is a standard pattern
we use, but other dependencies were not failing (yet), so this patch only
addresses the immediate failure.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-05-16 18:52:53 +02:00
Akihiro Suda
17bb5f4b15 bump up rootlesskit to v0.9.5 
Supports numeric ID in /etc/subuid and /etc/subgid .
Fix #40926

Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.4...v0.9.5

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-05-11 10:25:00 +09:00
Sebastiaan van Stijn
886c8385f5
containerd.installer: refactor 
- add `set -e` to prevent linting warnings
- use `install` instead of `cp`
- use a subshell for the whole function, instead of starting one
  inside it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-05-02 18:44:43 +02:00
Akihiro Suda
f6ac841633 bump up rootlesskit to v0.9.4 
Now `rootlesskit-docker-proxy` returns detailed error message on
exposing privileged ports: https://github.com/rootless-containers/rootlesskit/pull/136

Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.2...v0.9.4

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-04-27 13:02:30 +09:00
Jintao Zhang
fbaaca6351 update containerd to v1.3.4 
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2020-04-16 14:36:38 +08:00
Sebastiaan van Stijn
7f8b4b621b
Merge pull request #40689 from AkihiroSuda/test-rootless2 
test-integration: support more rootless tests
 2020-03-30 14:13:34 +02:00
Jintao Zhang
ea44be4b8f vendor: bump libnetwork ef149a924dfde2e506ea3cb3f617d7d0fa96b8ee 
fix https://github.com/moby/moby/issues/40715

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
 2020-03-19 17:15:58 +08:00
Akihiro Suda
f310bd29bd rootless: support forwarding signals from RootlessKit to dockerd 
See https://github.com/rootless-containers/rootlesskit/pull/127

RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.1...v0.9.2

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-03-15 12:24:23 +09:00
Sebastiaan van Stijn
e26e1cc5c1
vendor: vishvananda/netlink v1.1.0 
- vishvananda/netlink: https://github.com/vishvananda/netlink/compare/v1.0.0...v1.1.0
- vishvananda/netns: 7109fa855b...0a2b9b5464
- libnetwork: bf2bd42abc...beab24292c
- github.com/moby/ipvs: new dependency (was previously part of libnetwork)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-03-12 22:57:23 +01:00
Tianon Gravi
87c2e65259
Merge pull request #40661 from thaJeztah/update_golangci_lint 
ci: update golangci-lint v1.23.8
 2020-03-10 14:09:41 -07:00
Sebastiaan van Stijn
51ea39c592
Merge pull request #40658 from AkihiroSuda/install-shim-v2 
containerd.installer: install containerd-shim-runc-v2
 2020-03-10 16:06:28 +01:00
Sebastiaan van Stijn
e36d222666
ci: update golangci-lint v1.23.8 
full diff: https://github.com/golangci/golangci-lint/compare/v1.20.0...v1.23.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-03-10 11:52:40 +01:00
Akihiro Suda
d949fddc6c containerd.installer: install containerd-shim-runc-v2 
cgroup2 mode requires containerd-shim-runc-v2 (containerd v1.4).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-03-10 10:35:21 +09:00
Sebastiaan van Stijn
d5595a5845
Merge pull request #40596 from thaJeztah/bump_libnetwork 
vendor: bump libnetwork bf2bd42abc0a3734f12b5ec724e571434e42c669
 2020-03-09 17:23:06 +01:00
Akihiro Suda
1ea3a2b7f5 rootless: launch rootlesskit with --propagation=rslave 
The propagation was previously set to rprivate and didn't propagate
mounts from the host mount namespace into the daemon's mount namespace.

Further information about --propagation: https://github.com/rootless-containers/rootlesskit/tree/v0.9.1#mount-propagation
RootlessKit changes: https://github.com/rootless-containers/rootlesskit/compare/v0.8.0...v0.9.1

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-03-07 21:16:29 +09:00
Sebastiaan van Stijn
e1710b42d3
vendor: bump libnetwork bf2bd42abc0a3734f12b5ec724e571434e42c669 
full diff: 264bffcb88...bf2bd42abc

relevant changes:

- docker/libnetwork#2407 Macvlan internal network should not change default gateway
    - fixes docker/libnetwork#2406 Internal macvlan network overrides default gateway
- vendor godbus/dbus v5
- Fix InhibitIPv4 nil panic
- Cleanup VFP during overlay network removal
    - fixes VFP leak in windows overlay network deletion

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-03-07 00:35:47 +01:00
Akihiro Suda
3cf82748dd run shfmt 
git grep --name-only '^#!' | egrep -v '(vendor|\.go|Jenkinsfile)' | xargs shfmt -w -bn -ci -sr

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-03-03 12:27:49 +09:00
Akihiro Suda
eb484fcb67 validate: add shfmt 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-03-03 12:25:51 +09:00
Brian Goff
76e3a49933
Merge pull request #40486 from AkihiroSuda/rootless-cgroup2-systemd 
rootless: support `--exec-opt native.cgroupdriver=systemd`
 2020-03-02 16:11:21 -08:00
Sam Whited
8c0f6142a8 Update DNS library 
This makes sure that we don't become vulnerable to CVE-2018-17419 or
CVE-2019-19794 in the future.

Signed-off-by: Sam Whited <sam@samwhited.com>
 2020-02-25 17:05:57 -05:00
Akihiro Suda
ca4b51868a rootless: support --exec-opt native.cgroupdriver=systemd 
Support cgroup as in Rootless Podman.

Requires cgroup v2 host with crun.
Tested with Ubuntu 19.10 (kernel 5.3, systemd 242), crun v0.12.1.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-02-14 15:32:31 +09:00
Brian Goff
3473ff2893
Merge pull request #40469 from thaJeztah/containerd_1.3.3 
update containerd binary to v1.3.3
 2020-02-07 12:16:40 -08:00
Sebastiaan van Stijn
486161a63a
bump vndr v0.1.1 
full diff: https:/github.com/LK4D4/vndr/compare/v0.1.0...v0.1.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-02-07 13:37:45 +01:00
Sebastiaan van Stijn
27649ee44f
update containerd binary to v1.3.3 
full diff: https://github.com/containerd/containerd/compare/v1.3.2...v1.3.3
release notes: https://github.com/containerd/containerd/releases/tag/v1.3.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-02-07 10:21:01 +01:00
Akihiro Suda
cd43c1d1ac update runc binary to v1.0.0-rc10 (CVE-2019-19921) 
Notable changes:
* Fix CVE-2019-19921 (Volume mount race condition with shared mounts): https://github.com/opencontainers/runc/pull/2207
* Fix exec FIFO race: https://github.com/opencontainers/runc/pull/2185
* Basic support for cgroup v2.  Almost feature-complete, but still missing support for systemd mode in rootless.
  See also https://github.com/opencontainers/runc/issues/2209 for the known issues.

Full changes: https://github.com/opencontainers/runc/compare/v1.0.0-rc9...v1.0.0-rc10

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-25 03:55:39 +09:00
Arko Dasgupta
4c407caada Bump libnetwork to latest refpoint 
Commits:
feeff4f0 Merge pull request #2380 from liskin/bridge-atomic-hwaddr
fec6476d Merge pull request #2489 from suwang48404/doc
8757597e Added document describing libnetwork traffic flow.
eaea5722 Merge pull request #2445 from kdomanski/ipv6-addr-in-hosts
1680ce71 Merge pull request #2462 from arkodg/fix-key-spi-panic
4420ee92 Fix panic in drivers/overlay/encryption.go
57178323 Merge pull request #2472 from thaJeztah/bump_golang_1.12.12
f741dc9c Update Golang 1.12.12 (CVE-2019-17596)
79c19d09 Merge pull request #2461 from suwang48404/master
94facacc Added API to set ephemeral port allocator range.

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
 2020-01-16 16:28:23 -08:00