The overlay(2) drivers were moved up in the list of storage drivers,
and are known to have problems if the backing filesystem does not
support d_type.
Commit 2e20e63da2 added a warning,
which is logged in the daemon logs, however, many users do not
check those logs, and may overlook this warning.
This patch adds the same warning to the output of `docker info`
so that the warning is more easily found.
In addition, the output of warnings printed by `docker info` is
optimized, by;
- moving all warnings to the _end_ of the output, instead of
mixing them with the regular output
- wrapping the storage-driver warnings, so that they are more
easily readable
Example output with this patch applied
============================================
devicemapper using loopback devices:
...
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
overlay2 on xfs without d_type support;
...
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior.
Reformat the filesystem with ftype=1 to enable d_type support.
Running without d_type support will not be supported in future releases.
WARNING: bridge-nf-call-iptables is disabled
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1921559798)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Until and unless user has specified a propagation property for volume, they
should default to "rprivate" and it should be passed to runc.
We can't make it conditional on HasPropagation(). GetPropagation() returns
default of rprivate if noting was passed in by user.
If we don't pass "rprivate" to runc, then bind mount could be shared even
if user did not ask for it. For example, mount two volumes in a container.
One is "shared" while other's propagation is not specified by caller. If
both volume has same source mount point of "shared", then second volume
will also be shared inside container (instead of being private).
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
(cherry picked from commit af8a1430f1)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
In some cases, if a user specifies `-f` when disabling a plugin mounts
can still exist on the plugin rootfs.
This can cause problems during upgrade where the rootfs is removed and
may cause data loss.
To resolve this, ensure the rootfs is unmounted
before performing an upgrade.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 83f44d232d)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The call is not needed here and wouldn't really work since `Source` in
this case is a volume name.
Further we don't neccessarily even have a volume path at this time since
the volume hasn't been mounted yet.
The volume will be relabled either:
1. When data gets copied to it from the image (if applicable) -- https://github.com/docker/docker/blob/master/container/container_unix.go#L196
2. When the container is started -- https://github.com/docker/docker/blob/master/daemon/oci_linux.go#L737
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 898e84d5fd)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently local volumes and other volumes that support SELinux do
not get labeled correctly. This patch will allow a user to specify
:Z or :z when mounting a volume and have it fix the label of the newly
created volume.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
(cherry picked from commit 0c791c8e9f)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
In some cases a mount spec would not be properly backported which could
lead to accidental removal of the underlying volume on container remove
(which should never happen with named volumes).
Adds unit tests for this as well. Unfortunately I had to add a daemon
depdency for the backport function due to looking up `VolumesFrom`
specs.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 3cf18596e9)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This is a spiritual backport of acbfe6bc56
The afformentioned commit was not cherry-picked because it is a broader
change to the codebase, whereas this is the same basic fix but localized
to the local volume driver.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
When there is an error unmounting a local volume, it is still possible
to call `Remove()` on the volume causing removal of the mounted
resources which is generally not desirable.
This ensures that resources are unmounted before attempting removal.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit db3576f8a0)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Commit 745795ef2e added
a `filter` query-parameter to all "prune" endpoints,
however the parameter was only used when pruning
images.
This patch removes the filter parameter from the other
endpoints, given that it is not used for those, so
there is no reason documenting it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit d7bc6e4e7c
brought in markup fixes in the documentation, but
due to it being cherry-picked from "master", brought
in more changes that are not yet part of the
17.03 release.
This removes the features that are not in
the 17.03 release from the reference docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
