Only open_by_handle_at requires CAP_DAC_READ_SEARCH.
This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
In cases there are failures in task start, swarmkit might be trying to
restart the task again in the same node which might keep failing. This
creates a race where when a failed task is getting removed it might
remove the associated network while another task for the same service
or a different service but connected to the same network is proceeding
with starting the container knowing that the network is still
present. Fix this by reacting to `ErrNoSuchNetwork` error during
container start by trying to recreate the managed networks. If they
have been removed it will be recreated. If they are already present
nothing bad will happen.
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
commit 41d580c7a6 added
"Joined at" to the output of node inspect,
but I forgot that docs changes are needed.
This change updates the example output
of node inspect in the documentation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Progress reporting during image load was added
in 415dd86886, but
the corresponding query-parameter was not documented
in the API docs.
This updates the API docs, and adds a response example
both with quiet enabled and disabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without a content-type header, Go uses a max post size
of 10 megabytes, which makes loading images fail
if they're larger than 10 megabytes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix tries to address the issue in 25404 where updating environmental
variable in `service update --env-add` will not work.
The issue is because `--env-add` will only append the env, not update if
the same env already exist.
This fix tracks the env variable with a map and update if the variable
is the same.
An integration test has been added.
This fix fixes 25404.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The error message suggests you need one argument even when you
have provided one. Suggest having another argument.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Unlike `docker run -v..`, `docker service create --mount`
does not allow bind-mounting non-existing host paths.
This adds validation for the specified `source`, and
produces an error if the path is not found on the
host.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this, container's auto-removal after exit is done in a goroutine,
this commit will get ContainerRm out of the goroutine.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
