Commit graph

2779 commits

Author SHA1 Message Date
Brian Goff
ffabf0d542
Merge pull request #38020 from thaJeztah/remove_iot_check
Remove skip evaluation of symlinks to data root on IoT Core
2019-07-15 11:13:19 -07:00
Sebastiaan van Stijn
763454e1e4
Remove unused pkg/system.IsIoTCore()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-13 23:45:08 +02:00
Sebastiaan van Stijn
bad0b4e604
Remove skip evaluation of symlinks to data root on IoT Core
This fix was added in 8e71b1e210 to work around
a go issue (https://github.com/golang/go/issues/20506).

That issue was fixed in
66c03d39f3,
which is part of Go 1.10 and up. This reverts the changes that were made in
8e71b1e210, and are no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-13 23:44:51 +02:00
Sebastiaan van Stijn
44a3267912
Merge pull request #39481 from KentaTada/use-memavailable
Use MemAvailable instead of MemFree to estimate actual available memory
2019-07-13 19:59:43 +02:00
Sebastiaan van Stijn
c7816c5323
Harden TestClientWithRequestTimeout
DeadlineExceeded now implements a TimeOut() function,
since dc4427f372

Check for this interface, to prevent possibly incorrect failures;

```
00:16:41 --- FAIL: TestClientWithRequestTimeout (0.00s)
00:16:41     client_test.go:259: assertion failed:
00:16:41         --- context.DeadlineExceeded
00:16:41         +++ err
00:16:41         :
00:16:41         	-: context.deadlineExceededError{}
00:16:41         	+: &net.OpError{Op: "dial", Net: "tcp", Addr: s"127.0.0.1:49294", Err: &poll.TimeoutError{}}
00:16:41
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-12 12:31:51 +02:00
Kenta Tada
65177a72c5 Use MemAvailable instead of MemFree to estimate actual available memory
Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
2019-07-10 17:43:03 +09:00
Robert Wang
2f9e62611e Enhance container detection on some corner cases.
Not really bullet-proof, users can still create cgroups with name like
"foo:/init.scope" or "\nfoo" to bypass the detection. However, solving
these cases will require kernel to provide a better interface.

Signed-off-by: Robert Wang <robert@arctic.tw>
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-07-08 15:31:41 -04:00
Brian Goff
34d5b8867f Add realChroot for non linux/windows
3029e765e2 broke compilation on
non-Linux/Windows systems.
This change fixes that.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-07-03 14:36:48 -07:00
Yong Tang
b2b2de3699
Merge pull request #39455 from seemethere/remove_cocky
Remove cocky from names-generator
2019-07-03 16:36:51 +08:00
Eli Uriegas
8be39cd277 Remove cocky from names-generator
Could be misinterpreted as something not too kosher

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
2019-07-02 16:51:11 +00:00
lzhfromutsc
c2479f6ebf Fixed the inconsistence and also a potential data race in pkg/ioutils/bytespipe.go: bp.closeErr is read/write 8 times; 7 out of 8 times it is protected by bp.mu.Lock(); 1 out of 8 times it is read without a Lock
Signed-off-by: lzhfromutsc <lzhfromustc@gmail.com>
2019-07-01 11:38:38 -07:00
Tobias Klauser
ba8a15694a Use functions from x/sys/unix to get number of CPUs on Linux
Use Getpid and SchedGetaffinity from golang.org/x/sys/unix to get the
number of CPUs in numCPU on Linux.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2019-06-18 19:26:56 +02:00
Tibor Vass
7410f1a859 pkg/archive: keep walkRoot clean if source is /
Previously, getWalkRoot("/", "foo") would return "//foo"
Now it returns "/foo"

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-06-14 03:57:58 +00:00
Sebastiaan van Stijn
e511b3be89
Merge pull request #39336 from justincormack/entropy-cannot-be-saved
Entropy cannot be saved
2019-06-11 18:40:19 +02:00
Sebastiaan van Stijn
28678f2226
Merge pull request #38349 from wk8/wk8/os_version
Adding OS version info to nodes' `Info` struct and to the system info's API
2019-06-07 14:54:51 +02:00
Sebastiaan van Stijn
c85fe2d224
Merge pull request #38522 from cpuguy83/fix_timers
Make sure timers are stopped after use.
2019-06-07 13:16:46 +02:00
Justin Cormack
2df693e533
Entropy cannot be saved
Remove non cryptographic randomness.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-06-07 11:54:45 +01:00
Jean Rouge
d363a1881e Adding OS version info to the nodes' Info struct
This is needed so that we can add OS version constraints in Swarmkit, which
does require the engine to report its host's OS version (see
https://github.com/docker/swarmkit/issues/2770).

The OS version is parsed from the `os-release` file on Linux, and from the
`ReleaseId` string value of the `SOFTWARE\Microsoft\Windows NT\CurrentVersion`
registry key on Windows.

Added unit tests when possible, as well as Prometheus metrics.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-06-06 22:40:10 +00:00
Sebastiaan van Stijn
bd89b3f553
Merge pull request #39288 from dohse/do-not-order-uid-gid-mappings
Stop sorting uid and gid ranges in id maps
2019-06-04 20:12:30 +02:00
Brian Goff
3029e765e2 Add chroot for tar packing operations
Previously only unpack operations were supported with chroot.
This adds chroot support for packing operations.
This prevents potential breakouts when copying data from a container.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-06-03 09:45:29 -07:00
Brian Goff
d089b63937 Pass root to chroot to for chroot Untar
This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-06-03 09:45:21 -07:00
Jonas Dohse
c4628d79d2 Stop sorting uid and gid ranges in id maps
Moby currently sorts uid and gid ranges in id maps. This causes subuid
and subgid files to be interpreted wrongly.

The subuid file

```
> cat /etc/subuid
jonas:100000:1000
jonas:1000:1
```

configures that the container uids 0-999 are mapped to the host uids
100000-100999 and uid 1000 in the container is mapped to uid 1000 on the
host. The expected uid_map is:

```
> docker run ubuntu cat /proc/self/uid_map
         0     100000       1000
      1000       1000          1
```

Moby currently sorts the ranges by the first id in the range. Therefore
with the subuid file above the uid 0 in the container is mapped to uid
100000 on host and the uids 1-1000 in container are mapped to the uids
1-1000 on the host. The resulting uid_map is:

```
> docker run ubuntu cat /proc/self/uid_map
         0       1000          1
         1     100000       1000
```

The ordering was implemented to work around a limitation in Linux 3.8.
This is fixed since Linux 3.9 as stated on the user namespaces manpage
[1]:

> In the initial implementation (Linux 3.8), this requirement was
> satisfied by a simplistic implementation that imposed the further
> requirement that the values in both field 1 and field 2 of successive
> lines must be in ascending numerical order, which prevented some
> otherwise valid maps from being created.  Linux 3.9 and later fix this
> limitation, allowing any valid set of nonoverlapping maps.

This fix changes the interpretation of subuid and subgid files which do
not have the ids of in the numerical order for each individual user.
This breaks users that rely on the current behaviour.

The desired mapping above - map low user ids in the container to high
user ids on the host and some higher user ids in the container to lower
user on host - can unfortunately not archived with the current
behaviour.

[1] http://man7.org/linux/man-pages/man7/user_namespaces.7.html

Signed-off-by: Jonas Dohse <jonas@dohse.ch>
2019-06-03 15:50:26 +02:00
Olli Janatuinen
14280fdc62 Fix to gofmt/goimports errors
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2019-05-28 20:32:27 +03:00
Kirill Kolyshkin
6899fc094e
Merge pull request #39203 from slar/master
fixes #39145: Correct copy paste mistage in pkg/mount/mountinfo_freebsd.go that cau…
2019-05-26 11:36:24 -07:00
Sebastiaan van Stijn
19008faf03
Merge pull request #38992 from kolyshkin/mnt
pkg/mount: optimizations
2019-05-20 14:12:42 +02:00
Stig Larsson
6205fcf60d Correct copy paste mistage in pkg/mount/mountinfo_freebsd.go that caused compile errors.
Signed-off-by: Stig Larsson <stig@larsson.dev>
2019-05-11 14:04:02 +00:00
Rob Gulewich
256eb04d69 Start containers in their own cgroup namespaces
This is enabled for all containers that are not run with --privileged,
if the kernel supports it.

Fixes #38332

Signed-off-by: Rob Gulewich <rgulewich@netflix.com>
2019-05-07 10:22:16 -07:00
Sebastiaan van Stijn
79b5b19439
Merge pull request #39103 from lsilvs/master
Add Satoshi Nakamoto to names generator
2019-04-24 08:29:39 +02:00
Lucas Silvestre
4bfd23b7ee
Add Satoshi Nakamoto to names generator
Signed-off-by: Lucas Silvestre <lukas.silvestre@gmail.com>
2019-04-23 10:32:53 +02:00
John Howard
e0b528fe08 LCOW: (Experimental) Require RS5+ builds
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-04-18 09:43:37 -07:00
Yong Tang
bfe6a05d5c
Merge pull request #39052 from thaJeztah/more_import_comments
Add more import comments
2019-04-11 09:29:43 -07:00
Sebastiaan van Stijn
191c0fec8c
Add Katie Bouman to names generator
Katherine Louise Bouman is an imaging scientist and Assistant Professor
of Computer Science at the California Institute of Technology. She
researches computational methods for imaging, and developed an algorithm
that made possible the picture first visualization of a black hole
using the Event Horizon Telescope. - https://en.wikipedia.org/wiki/Katie_Bouman

Thank you for being amazing!

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-11 12:43:30 +02:00
Sebastiaan van Stijn
c725eff3e2
Add more import comments
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-10 16:59:33 +02:00
Kir Kolyshkin
ec248fe61d pkg/mount/Make*: optimize
The only option we supply is either BIND or a mount propagation flag,
so it makes sense to specify the flag value directly, rather than using
parseOptions() every time.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-04-09 13:00:11 -07:00
Kir Kolyshkin
80fce834ad pkg/mount: Mount: minor optimization
Eliminate double call to parseOptions() from Mount()

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-04-09 12:58:07 -07:00
Kir Kolyshkin
aa60541877 pkg/mount: MakeMount: minor optimization
Current code in MakeMount parses /proc/self/mountinfo twice:
first in call to Mounted(), then in call to Mount(). Use
ForceMount() to eliminate such double parsing.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-04-09 12:57:59 -07:00
Sebastiaan van Stijn
58d862574c
fix parseInfoFile does not handle spaces in filenames
`/proc/self/mountinfo` uses `\040` for spaces, however, `parseInfoFile()`
did not decode those spaces in paths, therefore attempting to use `\040`
as a literal part of the path.

This patch un-quotes the `root` and `mount point` fields to fix
situations where paths contain spaces.

Note that the `mount source` field is not modified, given that
this field is documented (man `PROC(5)`) as:

    filesystem-specific information or "none"

Which I interpreted as "the format in this field is undefined".

Reported-by: Daniil Yaroslavtsev <daniilyar@users.noreply.github.com>
Reported-by: Nathan Ringo <remexre@gmail.com>
Based-on-patch-by: Diego Becciolini <itizir@users.noreply.github.com>
Based-on-patch-by: Sergei Utinski <sergei-utinski@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-02 13:09:26 +02:00
Tibor Vass
739adb46e4 daemon: fix bug in nvidia device registration
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-03-29 16:07:01 -07:00
Sebastiaan van Stijn
e4cc3adf81
Merge pull request #38922 from Microsoft/jjh/grantvmgroupaccess
LCOW: Add VMGroup SID to layer.vhd; fix layer folder perm
2019-03-23 12:02:19 +01:00
Dmitry Sharshakov
88ce14ca1a Add new adjectives to the names generator (#38624)
* Add new adjectives to the names generator

Signed-off-by: sh7dm <d3dx12.xx@gmail.com>

* Add some more adjectives to the names generator

Signed-off-by: sh7dm <d3dx12.xx@gmail.com>
2019-03-21 13:48:59 -07:00
John Howard
b4db78be5a LCOW: Add SIDs to layer.vhd at creation
Signed-off-by: John Howard <jhoward@microsoft.com>

Some permissions corrections here. Also needs re-vendor of go-winio.

 - Create the layer folder directory as standard, not with SDDL. It will inherit permissions from the data-root correctly.
 - Apply the VM Group SID access to layer.vhd

Permissions after this changes

Data root:

```
PS C:\> icacls test
test BUILTIN\Administrators:(OI)(CI)(F)
     NT AUTHORITY\SYSTEM:(OI)(CI)(F)
```

lcow subdirectory under dataroot
```
PS C:\> icacls test\lcow
test\lcow BUILTIN\Administrators:(I)(OI)(CI)(F)
          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
```

layer.vhd in a layer folder for LCOW
```
.\test\lcow\c33923d21c9621fea2f990a8778f469ecdbdc57fd9ca682565d1fa86fadd5d95\layer.vhd NT VIRTUAL MACHINE\Virtual Machines:(R)
                                                                                       BUILTIN\Administrators:(I)(F)
                                                                                       NT AUTHORITY\SYSTEM:(I)(F)
```

And showing working

```
PS C:\> docker-ci-zap -folder=c:\test
INFO: Zapped successfully
PS C:\> docker run --rm alpine echo hello
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
8e402f1a9c57: Pull complete
Digest: sha256:644fcb1a676b5165371437feaa922943aaf7afcfa8bfee4472f6860aad1ef2a0
Status: Downloaded newer image for alpine:latest
hello
```
2019-03-21 13:12:17 -07:00
John Howard
a3eda72f71
Merge pull request #38541 from Microsoft/jjh/containerd
Windows: Experimental: ContainerD runtime
2019-03-19 21:09:19 -07:00
Tibor Vass
8f936ae8cf Add DeviceRequests to HostConfig to support NVIDIA GPUs
This patch hard-codes support for NVIDIA GPUs.
In a future patch it should move out into its own Device Plugin.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-03-18 17:19:45 +00:00
John Howard
20833b06a0 Windows: (WCOW) Generate OCI spec that remote runtime can escape
Signed-off-by: John Howard <jhoward@microsoft.com>

Also fixes https://github.com/moby/moby/issues/22874

This commit is a pre-requisite to moving moby/moby on Windows to using
Containerd for its runtime.

The reason for this is that the interface between moby and containerd
for the runtime is an OCI spec which must be unambigious.

It is the responsibility of the runtime (runhcs in the case of
containerd on Windows) to ensure that arguments are escaped prior
to calling into HCS and onwards to the Win32 CreateProcess call.

Previously, the builder was always escaping arguments which has
led to several bugs in moby. Because the local runtime in
libcontainerd had context of whether or not arguments were escaped,
it was possible to hack around in daemon/oci_windows.go with
knowledge of the context of the call (from builder or not).

With a remote runtime, this is not possible as there's rightly
no context of the caller passed across in the OCI spec. Put another
way, as I put above, the OCI spec must be unambigious.

The other previous limitation (which leads to various subtle bugs)
is that moby is coded entirely from a Linux-centric point of view.

Unfortunately, Windows != Linux. Windows CreateProcess uses a
command line, not an array of arguments. And it has very specific
rules about how to escape a command line. Some interesting reading
links about this are:

https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/
https://stackoverflow.com/questions/31838469/how-do-i-convert-argv-to-lpcommandline-parameter-of-createprocess
https://docs.microsoft.com/en-us/cpp/cpp/parsing-cpp-command-line-arguments?view=vs-2017

For this reason, the OCI spec has recently been updated to cater
for more natural syntax by including a CommandLine option in
Process.

What does this commit do?

Primary objective is to ensure that the built OCI spec is unambigious.

It changes the builder so that `ArgsEscaped` as commited in a
layer is only controlled by the use of CMD or ENTRYPOINT.

Subsequently, when calling in to create a container from the builder,
if follows a different path to both `docker run` and `docker create`
using the added `ContainerCreateIgnoreImagesArgsEscaped`. This allows
a RUN from the builder to control how to escape in the OCI spec.

It changes the builder so that when shell form is used for RUN,
CMD or ENTRYPOINT, it builds (for WCOW) a more natural command line
using the original as put by the user in the dockerfile, not
the parsed version as a set of args which loses fidelity.
This command line is put into args[0] and `ArgsEscaped` is set
to true for CMD or ENTRYPOINT. A RUN statement does not commit
`ArgsEscaped` to the commited layer regardless or whether shell
or exec form were used.
2019-03-12 18:41:55 -07:00
John Howard
85ad4b16c1 Windows: Experimental: Allow containerd for runtime
Signed-off-by: John Howard <jhoward@microsoft.com>

This is the first step in refactoring moby (dockerd) to use containerd on Windows.
Similar to the current model in Linux, this adds the option to enable it for runtime.
It does not switch the graphdriver to containerd snapshotters.

 - Refactors libcontainerd to a series of subpackages so that either a
  "local" containerd (1) or a "remote" (2) containerd can be loaded as opposed
  to conditional compile as "local" for Windows and "remote" for Linux.

 - Updates libcontainerd such that Windows has an option to allow the use of a
   "remote" containerd. Here, it communicates over a named pipe using GRPC.
   This is currently guarded behind the experimental flag, an environment variable,
   and the providing of a pipename to connect to containerd.

 - Infrastructure pieces such as under pkg/system to have helper functions for
   determining whether containerd is being used.

(1) "local" containerd is what the daemon on Windows has used since inception.
It's not really containerd at all - it's simply local invocation of HCS APIs
directly in-process from the daemon through the Microsoft/hcsshim library.

(2) "remote" containerd is what docker on Linux uses for it's runtime. It means
that there is a separate containerd service running, and docker communicates over
GRPC to it.

To try this out, you will need to start with something like the following:

Window 1:
	containerd --log-level debug

Window 2:
	$env:DOCKER_WINDOWS_CONTAINERD=1
	dockerd --experimental -D --containerd \\.\pipe\containerd-containerd

You will need the following binary from github.com/containerd/containerd in your path:
 - containerd.exe

You will need the following binaries from github.com/Microsoft/hcsshim in your path:
 - runhcs.exe
 - containerd-shim-runhcs-v1.exe

For LCOW, it will require and initrd.img and kernel in `C:\Program Files\Linux Containers`.
This is no different to the current requirements. However, you may need updated binaries,
particularly initrd.img built from Microsoft/opengcs as (at the time of writing), Linuxkit
binaries are somewhat out of date.

Note that containerd and hcsshim for HCS v2 APIs do not yet support all the required
functionality needed for docker. This will come in time - this is a baby (although large)
step to migrating Docker on Windows to containerd.

Note that the HCS v2 APIs are only called on RS5+ builds. RS1..RS4 will still use
HCS v1 APIs as the v2 APIs were not fully developed enough on these builds to be usable.
This abstraction is done in HCSShim. (Referring specifically to runtime)

Note the LCOW graphdriver still uses HCS v1 APIs regardless.

Note also that this does not migrate docker to use containerd snapshotters
rather than graphdrivers. This needs to be done in conjunction with Linux also
doing the same switch.
2019-03-12 18:41:55 -07:00
Yong Tang
6e86b1198f
Merge pull request #38780 from thaJeztah/remove_parse_tmpfs_options
pkg/mount: remove unused ParseTmpfsOptions
2019-03-04 10:01:41 -08:00
Sebastiaan van Stijn
144c95029c
pkg/mount: remove unused ParseTmpfsOptions
This function was previously used on the client to validate
tmpfs options, but is no longer used since
b9b8d8b364, as this validation
is platform-specific, so should be handled by the daemon.

Removing this function as it's no longer used anywhere.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-22 12:55:33 +01:00
Sebastiaan van Stijn
53460047e4
Refactor pkg/sysinfo
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-04 00:38:12 +01:00
Akihiro Suda
ec87479b7e allow running dockerd in an unprivileged user namespace (rootless mode)
Please refer to `docs/rootless.md`.

TLDR:
 * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
 * `dockerd-rootless.sh --experimental`
 * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-04 00:24:27 +09:00
Sebastiaan van Stijn
44af96c0fc
Merge pull request #38634 from kolyshkin/cp-longname
pkg/archive:CopyTo(): fix for long dest filename
2019-01-31 00:16:11 +01:00