This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
moves ensure-frozen-images to go
moves ensure-syscall-test to go
moves ensure-nnp-test to go
moves ensure-httpserver to go
Also makes some of the fixtures load only for the required tests.
This makes sure that fixtures that won't be needed for a test run such as
`make TESTFLAGS='-check.f Swarm' test-integration-cli` (for example)
aren't loaded... like the syscall tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Passses down BUILD_APT_MIRROR to the docker env.
Ensures BUILD_APT_MIRROR is used when building debs, but only when the
consuming `Dockerfile` actually uses it, otherwise it will cause the
build to fail (e.g. on Ubuntu builds we aren't using APT_MIRROR).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Adds a new bundle `verify-integration-tests` which pre-compiles a test
binary for the integration tests.
This makes sure that the integration tests will actually compile before
doing other tasks which take much longer, such as building dockerd and
loading test fixtures.
When it comes time to actually run the tests, the pre-compiled binary
will be used so it doesn't have to compile the tests a 2nd time.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
Interactive integration testing is useful when you're developing new tests, or
making changes to cli code.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Reverts https://github.com/docker/docker/pull/18197
This was a workaround before Go 1.6, not required any more.
cc @nalind @Govinda-Fichtner
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Fixes#23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes#24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
`make run` allows you to fire up a daemon (in a container) just using
the existing built binaries. This allows for more rapid iteration
instead of dealing with firing up a shell just to start the daemon.
By default the daemon will listen on port 2375 on the default network
interface.
If a port forward is required to access the daemon, the user can set
`make DOCKER_PORT=2375 run` to get a port forward on a random port with
the daemon listening on port 2375, or `make DOCKER_PORT=2375:2375 run`
to get a daemon running with port 2375 forwarded to the daemon running
on 2375.
Note that the daemon is automatically configured to listen on whatever
port is set for the container side of the `DOCKER_PORT` port spec.
When running on docker4mac, the user must do the following:
```
$ make BINDDIR=. DOCKER_PORT=2375 run
```
This makes sure the binaries are loaded in the container and a port is
forwarded, since it is currently impossible to route traffic from the
mac directly to a container IP.
To get a fresh binary:
```
$ make BINDDIR=. DOCKER_PORT=2375 binary run
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
error: line 89: Invalid version (epoch must be unsigned integer):
%{epoch}:1.12.0-0.3.rc3.fc24: Requires(pre): docker-engine-selinux >=
%%{epoch}:1.12.0-0.3.rc3.fc24
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This will kill any left over containerd-shims to avoid the integration
script to stay stuck while it waits on them.
It will then causes CI to fail (even if all the tests succeeded).
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
The script failed if an empty volume is used
to generate the repo. This adds the directory
if missing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
installation for man-8 was added in 1514b499f0
(pull-request 23236), but had a typo in a path,
causing generation of the RPM's to fail.
This fixes the path
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
