Commit graph

1872 commits

Author SHA1 Message Date
Brian Goff
54587d861d Bump plugin API version
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-21 11:41:32 -05:00
Zhang Wei
d44e79a366 Remove hard coded 'docker' string from package
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2016-01-22 00:14:52 +08:00
Alexander Morozov
781a33b6e7 Reuse subsystems mountpoints between checks
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-20 19:20:59 -08:00
John Howard
33729d3b5a Windows: VirtualTerminalInput native console
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-19 15:59:21 -08:00
John Howard
76ebd3dd17 Windows: Remove dead code
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-01-15 12:48:40 -08:00
Sebastiaan van Stijn
e44364eae9 Merge pull request #18587 from calavera/daemon_configuration_file
Allow to set daemon and server configurations in a file.
2016-01-14 16:44:58 -08:00
Brian Goff
3b6a989d81 Merge pull request #19325 from mingqing/fix-pid-convert-error
fix pidfile, pid is num use '/proc + string(pid)' can't found it
2016-01-14 16:49:20 -05:00
David Calavera
677a6b3506 Allow to set daemon and server configurations in a file.
Read configuration after flags making this the priority:

1- Apply configuration from file.
2- Apply configuration from flags.

Reload configuration when a signal is received, USR2 in Linux:

- Reload router if the debug configuration changes.
- Reload daemon labels.
- Reload cluster discovery.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 16:44:37 -05:00
David Calavera
22a81a2c58 Add an unsafe memory discovery store for testing.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-14 11:58:38 -05:00
mingqing
6a033fa03e fix pidfile, pid is num use '/proc + string(pid)' can't found it
Signed-off-by: mingqing <limingqing@cyou-inc.com>
2016-01-14 16:03:33 +08:00
Brian Goff
93268d845e Don't dump authz request when body is too large
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-13 17:04:49 -05:00
Jessica Frazelle
446f498eba
refactor aaparser pkg, add unit tests
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-13 08:43:12 -08:00
Jess Frazelle
293b3767c8 Merge pull request #19245 from jfrazelle/seccomp-kernel-check
check seccomp is configured in the kernel
2016-01-12 11:33:27 -08:00
Jessica Frazelle
40d5ced9d0
check seccomp is configured in the kernel
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-12 09:45:21 -08:00
Alexander Morozov
9a23569ecf Merge pull request #16032 from cpuguy83/remove_sqlite_dep
Build names and links at runtime - no more sqlite
2016-01-11 10:59:49 -08:00
Sebastiaan van Stijn
3f74d10142 Merge pull request #19222 from justincormack/shirley
Add Dame Stephanie "Steve" Shirley to names
2016-01-11 00:09:45 +01:00
Justin Cormack
4c530894f9 Add Dame Stephanie "Steve" Shirley to names
Born in Germany, she had to flee on the kindertransport to England in
1939. In the 1950s she worked at the Post Office Research Station at
Dollis Hill, building computers from scratch, and took evening classes
to get a degree in Mathematics.

In 1962 she set up a software company, employing almost entirely women,
working at home; the company was floated in 1996. Her team's projects
included programming Concorde's black box flight recorder. She adopted
the name "Steve" to fit in in a male domainated world.

http://www.bbc.co.uk/programmes/b05pmvl8
https://en.wikipedia.org/wiki/Steve_Shirley

Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
2016-01-10 21:33:18 +00:00
Anuj
cac23d1caa Adding two pioneer CS reseachers - Shafi Goldwasser and Michael Stonebraker
Signed-off-by: Anuj Bahuguna <anujbahuguna.dev@gmail.com>
2016-01-11 00:25:46 +05:30
Tõnis Tiigi
c49ccd3192 Merge pull request #19167 from vieux/bring_discovery_on_par
Bring discovery on par with the one in docker/swarm
2016-01-08 22:54:01 -08:00
Aaron Lehmann
3f829aa6e4 Remove ansiescape package
api/client/trust.go was the last file that used it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Aaron Lehmann
65370be888 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Brian Goff
0f9f99500c Build names and links at runtime
Don't rely on sqlite db for name registration and linking.
Instead register names and links when the daemon starts to an in-memory
store.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-07 14:10:42 -05:00
Brian Goff
279dd092b6 Don't error out on plugin err with json
We don't want to error out when there is a json unmarshal error since
the `old way` will cause this to error.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-06 11:34:14 -05:00
Victor Vieux
a931c78540 Before that change, etcd and zookeeper would fail to instantiate
the discovery without the key being already there in the store or
created beforehand and implicitely by a 'swarm join'.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>

This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.

If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.

Signed-off-by: Alexandre Beslic <abronan@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-01-06 05:18:52 -08:00
Brian Goff
d3eca4451d Move responsibility of ls/inspect to volume driver
Makes `docker volume ls` and `docker volume inspect` ask the volume
drivers rather than only using what is cached locally.

Previously in order to use a volume from an external driver, one would
either have to use `docker volume create` or have a container that is
already using that volume for it to be visible to the other volume
API's.

For keeping uniqueness of volume names in the daemon, names are bound to
a driver on a first come first serve basis. If two drivers have a volume
with the same name, the first one is chosen, and a warning is logged
about the second one.

Adds 2 new methods to the plugin API, `List` and `Get`.
If a plugin does not implement these endpoints, a user will not be able
to find the specified volumes as well requests go through the drivers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-01-05 16:28:38 -05:00
Sebastiaan van Stijn
db738dd77f Merge pull request #15666 from vdemeester/3519-configurable-escape
Implement configurable escape key for attach/exec
2016-01-04 00:49:07 +01:00
Vincent Demeester
15aa2a663b Implement configurable detach key
Implement configurable detach keys (for `attach`, exec`, `run` and
`start`) using the client-side configuration

- Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start`
  commands.
- Adds a new configuration field (in `~/.docker/config.json`) to
  configure the default escape keys for docker client.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-01-03 23:03:39 +01:00
Sebastiaan van Stijn
9d6c2196b5 Merge pull request #18387 from wenchma/18385-improve_help_msg
Improvement for docker subcommand's help messages
2016-01-03 12:19:53 +01:00
Phil Estes
233787040c Merge pull request #19036 from calavera/thank_you_ian
Thanks for everything Ian.
2016-01-02 21:21:03 -05:00
David Calavera
e11ebfcb09 Add Ian Murdock to the names generator.
❤️ 😢

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-02 19:17:17 -05:00
Vincent Demeester
5c0af43ebe Merge pull request #19006 from jen20/f-solaris-stat
Fix downstream client API build errors on Solaris
2016-01-01 20:09:22 +01:00
Wen Cheng Ma
d7dc439623 Improvement for docker subcommand's help messages
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
2016-01-01 12:27:28 +08:00
Tim Wang
4b32d59595 Update LICENSE date
Signed-off-by: Tim <timwangdev@gmail.com>
2015-12-31 13:07:35 +00:00
James Nugent
c12dbb8c82 Fix downstream client API build errors on Solaris
The client API at fsouza/go-dockerclient has dependencies on packages in
the docker/docker repository which currently do not build on Solaris. In
particular, stat_unsupported.go makes use of the Mtimespec field of the
syscall.Stat_t struct, which is not present on Solaris, and a number of
Unix-specific packages do not list Solaris in their compile targets.

This commit adds enough support to be able to build
fsouza/go-dockerclient on SmartOS using Go 1.5.1 without affecting other
platforms.

Signed-off-by: James Nugent <james@jen20.com>
2015-12-30 18:25:42 -05:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Arnaud Porterie
914fad8b7d Merge pull request #18810 from runcom/pkg-authz-fixes
pkg: authorization: do not register the same plugin
2015-12-23 15:09:06 -08:00
Antonio Murdaca
c28fc06e00 pkg: authorization: do not register the same plugin
This patches avoids registering (and calling) the same plugin more than
once. Using an helper map which indexes by name guarantees this and keeps
the order.
The behavior of overriding the same name in a flag is consistent with,
for instance, the `docker run -v /test -v /test` flag which register
the volume just once.
Adds integration tests.

Without this patch:
```
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.080901676+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081213202+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081268132+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081699788+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.081762507+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.082092480+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.628691038+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
Dec 20 19:34:52 localhost.localdomain docker[9988]:
time="2015-12-20T19:34:52.629880930+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

With this patch:
```
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376523958+01:00" level=debug msg="Calling
GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376715483+01:00" level=debug msg="AuthZ
request using plugin docker-novolume-plugin"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.376771230+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.377698897+01:00" level=debug msg="GET
/v1.22/info"
Dec 20 19:37:32 localhost.localdomain docker[16620]:
time="2015-12-20T19:37:32.951016441+01:00" level=debug msg="AuthZ
response using plugin docker-novolume-plugin"
```

Also removes a somehow duplicate debug statement (leaving only the
second one as it's a loop of plugin's manifest):
```
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544090518+01:00" level=debug
msg="docker-novolume-plugin's manifest: &{[authz]}"
Dec 20 19:52:30 localhost.localdomain docker[25767]:
time="2015-12-20T19:52:30.544170677+01:00" level=debug
msg="docker-novolume-plugin implements: authz"
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-23 21:08:40 +01:00
Daniel Nephin
83237aab2b Remove package pkg/ulimit, use go-units instead.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-23 13:27:58 -05:00
Daniel Nephin
b8659da214 Remove unused parser functions that were replaced by go-connections/nat.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-22 19:06:49 -05:00
Alexander Morozov
030347c3c9 Merge pull request #18762 from calavera/runconfig_to_types
Move container configuration types to api/types/container.
2015-12-22 14:22:08 -08:00
Alexander Morozov
9f228b37fc Merge pull request #18857 from calavera/catch_pipeline_error
Catch command pipeline error.
2015-12-22 13:34:56 -08:00
David Calavera
f38257308b Catch command pipeline error.
Rather than ignoring errors in the pipeline, return an execution error
and do not proceed with the latest command in the pipeline.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 15:17:15 -05:00
Dan Walsh
89a775d2dc No options to tmpfs is valid
If you run a

docker run command with --tmpfs /mountpoint:noexec

Or certain options that get translated into mount options, the mount command can get passed "" for mount data.
So this should be valid.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-22 14:15:07 -05:00
David Calavera
056e744903 Replace usage of pkg/nat with go-connections/nat.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:46 -05:00
David Calavera
0aab83d996 Move blkiodev package to types.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:46 -05:00
David Calavera
f9b857a200 Move StrSlice to types.
This is a very docker concept that nobody elses need.
We only maintain it to keep the API backwards compatible.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-22 13:31:43 -05:00
Sebastiaan van Stijn
312c82677b Merge pull request #15879 from Mashimiao/add-support-blkio_throtte_iops
Add support for blkio read/write iops device
2015-12-21 23:45:18 +01:00
Ma Shimiao
843084b08b Add support for blkio read/write iops device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-12-21 09:14:49 +08:00
David Calavera
54f945994a Merge pull request #18651 from vbatts/dm-cleanup
loopback (and devicemapper) cleanup
2015-12-18 15:13:28 -08:00
Vincent Batts
af59752712 loopback: separate loop logic from devicemapper
The loopback logic is not technically exclusive to the devicemapper
driver. This reorganizes the code such that the loopback code is usable
outside of the devicemapper package and driver.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-12-18 10:57:43 -05:00
Vincent Batts
a292c04c01 devicemapper: remove unused type mapping
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-12-18 10:44:06 -05:00
Antonio Murdaca
5a64c8027e authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-18 16:29:01 +01:00
Alexander Morozov
5553aab705 Merge pull request #18744 from runcom/plugins-deadcode
pkg: plugins: remove dead code
2015-12-17 10:50:04 -08:00
Tibor Vass
9681f0f0d4 Merge pull request #18745 from runcom/pkg-version-String
pkg: version: add String method
2015-12-17 16:58:41 +01:00
Antonio Murdaca
0d9f1e344a pkg: version: add String method
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:52:23 +01:00
Antonio Murdaca
46e3a249a1 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:08:47 +01:00
Antonio Murdaca
1d2b62ceae pkg: plugins: remove dead code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-17 11:05:50 +01:00
Brian Goff
3805c29099 Merge pull request #18695 from dnephin/move_parse_link
Move ParseLink and validators into runconfig.parse where they are used
2015-12-16 16:15:52 -05:00
Vincent Demeester
cf7ccaf370 Merge pull request #18722 from calavera/remove_unused_packages
Remove timeoutconn package, it's not used anywhere
2015-12-16 20:56:43 +01:00
Vincent Demeester
8ec00e6d0e Merge pull request #18518 from MHBauer/spurious-timing
adjust test sleep timing to avoid spurious failure
2015-12-16 20:45:55 +01:00
Daniel Nephin
233a4fc33c Move ParseLink and validators into runconfig.parse where they are used.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-16 14:22:54 -05:00
David Calavera
4d8ce0ef4a Remove timeoutconn package.
It's not used anywhere.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-16 13:51:56 -05:00
David Calavera
b44b5bbc8b Merge pull request #18682 from calavera/replace_units_package
Replace pkg/units with docker/go-units.
2015-12-16 10:48:59 -08:00
Antonio Murdaca
c2276c1fe3 Merge pull request #18693 from dnephin/move_parse_docker_host
Move ParseDockerDaemonHost to opts/ package
2015-12-16 19:05:07 +01:00
David Calavera
4fef42ba20 Replace pkg/units with docker/go-units.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-16 12:26:49 -05:00
Antonio Murdaca
8435ea5289 pkg: authorization: cleanup
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-16 12:01:04 +01:00
Daniel Nephin
9b99591054 Move ParseDockerDaemonHost to opts/ package.
This function was only being used from a single place opts/opts.go. This
change moves it from a incohesive package (parsers) to the single place it
is used.

Also made a bunch of the helper methods private because they are not used
by any external modules.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2015-12-15 20:53:17 -05:00
David Calavera
e98cae4919 Move filters package to the API.
These filters are only use to interchange data between clients and daemons.
They don't belong to the parsers package.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 18:13:26 -05:00
David Calavera
52fd30079a Merge pull request #18685 from calavera/remove_timeutils
Move timeutils functions to the only places where they are used.
2015-12-15 15:11:18 -08:00
David Calavera
d3fbd43432 Merge pull request #18677 from runcom/fix-plugins-error
pkg: plugins: fix and better handle errors
2015-12-15 14:17:52 -08:00
Morgan Bauer
81c334fa56
adjust test sleep timing to avoid spurious failure
- refactor ConsumeWithSpeed
 - documentation

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-12-15 13:27:24 -08:00
David Calavera
27220ecc6b Move timeutils functions to the only places where they are used.
- Move time json marshaling to the jsonlog package: this is a docker
  internal hack that we should not promote as a library.
- Move Timestamp encoding/decoding functions to the API types: This is
  only used there. It could be a standalone library but I don't this
it's worth having a separated repo for this. It could introduce more
complexity than it solves.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-15 14:56:14 -05:00
Antonio Murdaca
4133dc2212 pkg: plugins: fix and better handle errors
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-12-15 17:51:48 +01:00
Tibor Vass
c70f8b3c9c builder: remove container package dependency
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-12-15 17:24:07 +01:00
Chris Dituri
9b584781ad Make pkg/devicemapper/ log messages with a common, consistent prefix.
Closes #16667

Uses the prefix "devicemapper:" for all the fmt and logrus error, debug, and info messages.

Signed-off-by: Chris Dituri <csdituri@gmail.com>
2015-12-14 21:35:15 -06:00
Tibor Vass
135cca6f52 utils: move git functions to pkg/gitutils
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-12-14 14:59:52 +01:00
Justas Brazauskas
927b334ebf Fix typos found across repository
Signed-off-by: Justas Brazauskas <brazauskasjustas@gmail.com>
2015-12-13 18:04:12 +02:00
Antonio Murdaca
1fffc0270f Merge pull request #15365 from twistlock/14674-docker-authz
Docker authorization plug-in infrastructure
2015-12-12 12:30:33 +01:00
Alexander Morozov
ac453a310b Merge pull request #18353 from aaronlehmann/transfer-manager
Improved push and pull with upload manager and download manager
2015-12-10 14:52:48 -08:00
Aaron Lehmann
572ce80230 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-09 19:13:35 -08:00
Brian Goff
8b6132aa15 Merge pull request #18538 from estesp/aufs-whiteout-userns-fix
Skip aufs whiteout files on userns translation to container
2015-12-09 14:47:01 -05:00
Sebastiaan van Stijn
7a6f5d9b31 Remove redundant check
jm.ID is already checked in the outer "if",
so theres no reason to check it again here.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-12-09 17:38:06 +01:00
Phil Estes
1626c9dae0 Skip aufs whiteout files on userns translation to container
aufs kernel module creates whiteout files on upper layer delete (and
other situations) and those files already are 'translated' regarding
ownership in host terms (e.g. they are already "0:0" owned), so when
these layers are copied around with pkg/archive we don't want to try and
translate these files regarding ownership.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-12-09 10:11:32 -05:00
Dima Stopel
8cc0892269 Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2015-12-08 17:34:15 +02:00
Liron Levin
75c353f0ad Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2015-12-08 17:34:15 +02:00
Aaron Lehmann
59df2adc07 Fix the scoping of "diff" so its value doesn't leak between loop iterations
In the existing code, "diff" has function scope and the value from the
previous iteration may be used if it is not reset. This appears to be an
oversight. This commit changes its scope to the for loop body.

One confusing point is that the cursor movement escape sequences appear
to be necessary even if the requested movement is 0. I haven't been able
to figure out why this makes a difference.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-07 17:01:47 -08:00
Aaron Lehmann
fc41d39394 Don't update lines on the terminal from a previous operation
When we handle a message that isn't tracked in the "line" map (for
example, one with no ID), clear the line map. This means we won't update
lines that were part of a previous, completed set of operations when
doing something like pull -a. It also has the beneficial side effect
of avoiding terminal glitching in these types of situations, since
messages that don't get tracked in the "line" map cause the count of the
number of lines to get out of sync.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-07 16:04:42 -08:00
Sebastiaan van Stijn
5f1af8da5b Merge pull request #18449 from coolljt0725/plugins_cleanup
pkg/plugins/client.go: don't try to encode os decode if it's nil
2015-12-07 16:03:28 +01:00
Tibor Vass
1f8efc687c Merge pull request #18123 from aidanhs/aphs-fail-on-broken-tar
Ensure adding a broken tar doesn't silently fail
2015-12-07 14:38:21 +01:00
Lei Jitang
a2d348968f pkg/plugins/client.go: don't try to encode os decode if it's nil
When user call the `Call()` method, they don't always want to sent
some args or get the return value, so they use `nil` when call `Call()`
method and this will casue an error. It's better to not trying to
encode or decode if it's nil.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-12-05 02:55:50 -05:00
Sebastiaan van Stijn
cb6a1a6042 Merge pull request #14466 from Mashimiao/add-support-blkio_throtte_bps
Add support for blkio read/write bps device
2015-12-04 12:29:58 +01:00
Alexander Morozov
7c1c96551d Merge pull request #18412 from aaronlehmann/runcommand-race
Fix race in RunCommandWithOutputForDuration
2015-12-03 19:35:04 -08:00
Ma Shimiao
3f15a055e5 Add support for blkio read/write bps device
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-12-04 09:26:03 +08:00
Alexander Morozov
4e6bea5964 Merge pull request #18411 from aaronlehmann/unit-test-timing
Adjust TestDockerCmdWithTimeout timeout to improve reliability
2015-12-03 16:34:36 -08:00
Aaron Lehmann
2704fd9156 Fix race in RunCommandWithOutputForDuration
This function was starting a goroutine that modifies one of its return
values. The intent is for the goroutine to only influence the return
value when it's causing the function to return, but it's racy and can
also modify the return value when the function is returning due to the
timeout. Fix the goroutine to not modify return values directly.

Also, give the channel a buffer so that the goroutine doesn't block
forever after a timeout.

Fixes #18305

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-03 16:34:01 -08:00
Aaron Lehmann
13d768b8ee Adjust TestDockerCmdWithTimeout timeout to improve reliability
I saw a failure of TestDockerCmdWithTimeout. This test starts a command
that produces output after 10 ms, but uses a 5 ms timeout, so normally
the command will be killed before the output. The time intervals are so
small that the timeout may not reliably trigger before the output, which
can cause the test to fail.

This commit changes the test to only fail if the process is still alive
after 10 seconds. This means the test will confirm that the timeouts are
happening, but not attempt to gauge that the timeouts are happening
within milliseconds of when they are expected (which can't be done
reliably).

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-03 14:42:32 -08:00
Tibor Vass
33ab2bb52c Merge pull request #18266 from calavera/events_pub_sub
Event PubSub topics + linear filtering.
2015-12-03 17:11:40 +01:00
David Calavera
434d2e8745 Add PubSub topics.
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.

Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.

Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.

Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-02 16:43:49 -05:00
David Calavera
93d1dd8036 Make filtering a linear operation.
Improves the current filtering implementation complixity.
Currently, the best case is O(N) and worst case O(N^2) for key-value filtering.
In the new implementation, the best case is O(1) and worst case O(N), again for key-value filtering.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-02 11:12:42 -05:00
Dan Walsh
b3e527dfd2 This patch adds --tmpfs as a option for mounting tmpfs on directories
It will Tar up contents of child directory onto tmpfs if mounted over

This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-12-02 10:06:59 -05:00
David Calavera
c84f5dfd74 Merge pull request #17438 from pmalmgren/17037-systemd226-cgroup
Fix docker status incorrectly reports containerized
2015-11-30 11:47:16 -08:00
Phil Estes
2a354790a6 Merge pull request #18241 from LK4D4/remove_listenbuffer
Remove listenbuffer
2015-11-30 14:37:14 -05:00
Jess Frazelle
e852959fad Merge pull request #18178 from jfrazelle/apparmor-we-meet-again
Fix docker-default profile handing signals
2015-11-30 11:34:34 -08:00
Jessica Frazelle
f8db9a09e0
check version for docker-default aa profile
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-30 10:18:12 -08:00
David Calavera
221d979e7b Merge pull request #18296 from jfrazelle/add-james
add james golick to names generator
2015-11-30 10:00:21 -08:00
Alexander Morozov
a0251b2bbf Remove listenbuffer package
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:59 -08:00
Alexander Morozov
ca5795cef8 Remove usage of listenbuffer package
It actually adds nothing to queuing requests.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-30 09:04:55 -08:00
Vincent Batts
a26accfb5d Merge pull request #18226 from duglin/Issue18170
Fix for zero-sized layers
2015-11-30 09:57:37 -06:00
Jessica Frazelle
bf66deeb08
add james golick to names generator
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-11-29 10:40:12 -08:00
Doug Davis
7bb9fc415a Fix for zero-sized layers
Moved a defer up to a better spot.

Fixed TestUntarPathWithInvalidDest to actually fail for the right reason

Closes #18170

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-11-25 18:02:03 -08:00
Bryan Boreham
899caaca9c Fix spelling of 'existent'
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2015-11-25 13:45:37 +00:00
David Calavera
a2ab05098d Merge pull request #17924 from aaronlehmann/content-addressability
Content addressability
2015-11-24 11:01:33 -08:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Brian Goff
985175fd8f Fix race in locker call to dec()
Can't safely use uint32 for locker since we need to decrement the count,
which requires loading the unit and doing some math, which is inherintly
racey.
Instead use Int32 which we can safely use with atomic and AddInt32 with
`-1`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-24 11:59:09 -05:00
Aidan Hobson Sayers
3243e504d0 Ensure adding a broken tar doesn't silently fail
Signed-off-by: Aidan Hobson Sayers <aidanhs@cantab.net>
2015-11-23 14:18:58 +00:00
Brian Goff
692bfdaee3 Merge pull request #18146 from JamesKyburz/random-additions
Random additions
2015-11-21 13:18:09 -05:00
Antonio Murdaca
3ff9bb5332 Merge pull request #16613 from WeiZhang555/docker-cp-symlink
Add option `-L` to allow `docker cp` follow symbol link
2015-11-21 17:03:24 +01:00
James Kyburz
f8a6726dad Add nauseous and pedantic
Signed-off-by: James Kyburz <james.kyburz@gmail.com>
2015-11-21 16:23:07 +01:00
Antonio Murdaca
6653f82796 Merge pull request #17495 from mikebrow/docker-tz-and-nanosecond-updates
modifying docker --since and --until to support nanoseconds and time …
2015-11-20 23:37:44 +01:00
Tibor Vass
6e727a4c80 Merge pull request #17456 from Microsoft/TestChtimesFix
Fix ChTimes to prevent setting times past the Unix Max Time
2015-11-20 18:07:09 +01:00
Zhang Wei
92600bdec1 Add '-L' option for cp
Fixes #16555

Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.

Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
2015-11-21 00:36:56 +08:00
Michael Crosby
249b3a9479 Merge pull request #17459 from brahmaroutu/Power_Z_CI
Build and test Docker on IBM Power and Z using gccgo. Enable CI on Po…
2015-11-19 15:50:07 -08:00
Alexander Morozov
9c21e852b2 Merge pull request #18082 from MHBauer/gh9406
Remove defaults for flags/options that expect no value
2015-11-19 15:06:21 -08:00
Darren Stahl
318ad1cb43 This fixes Chtimes on systems with 32 bit Timespec
Signed-off-by: Darren Stahl <darst@microsoft.com>
2015-11-19 11:08:29 -08:00
David Calavera
aade9536b6 Merge pull request #18090 from vdemeester/17478-follow-up-cleanup-pkg-platform
Follow-up of 17478, unexport runtimeArchitecture method
2015-11-19 14:00:23 -05:00
Stefan Scherer
7c1d49d90c Move charsToString to architecture dependent source to fix casting problem
Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com>
2015-11-19 18:09:08 +01:00
Morgan Bauer
48718a3c77
Remove defaults for flags/options that expect no value
- isZeroValue function from upstream go
 - covers booleans, strings and numbers
 - change integration to reflect new behavior
 - resolves #9406

Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
2015-11-19 08:37:51 -08:00
Vincent Demeester
0ff3c10aa8 Follow-up of 17478, unexport private method
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-19 14:55:57 +01:00
moxiegirl
c83373112c Merge pull request #17986 from bogdangrigg/master
Fix small typos in documentation files
2015-11-17 16:45:38 -08:00
Michael Crosby
53556183c7 Merge pull request #17434 from little-arhat/fix/newlines-in-json-status
Add newlines to FormatProgress for JSON as well
2015-11-17 15:52:31 -08:00
Michael Crosby
104dab87ea Merge pull request #17478 from vdemeester/pr-13921
Carry#13921 : Expand /info: Expose OSType (GOOS), Architecture (GOARCH)
2015-11-17 15:44:57 -08:00
Alexander Morozov
292a15e40a Use /usr/lib/os-release if /etc/os-release is missing.
As per os-release spec, /usr/lib/os-release file should be tried if
/etc/os-release is missing.

http://www.freedesktop.org/software/systemd/man/os-release.html

Thanks James Hunt <james.o.hunt@intel.com> and
Dimitri John Ledkov <dimitri.j.ledkov@intel.com> for contribution.

Close #17174

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-11-16 16:21:31 -08:00
Luca-Bogdan Grigorescu
d1e72baa15 Fix small typos in documentation files
Signed-off-by: Luca-Bogdan Grigorescu <bogdan@gmail.com>
2015-11-15 00:53:27 +02:00
Vincent Demeester
49779b674a Add pkg/parsers/architecture and pkg/platform
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-11-14 23:03:02 +01:00
Antonio Murdaca
1448cd3ec2 Merge pull request #17971 from narqo/simplify-addr-formating
Simplify final address formatting in parser.ParseTCPAddr
2015-11-14 08:38:09 +01:00
Srini Brahmaroutu
b1cc78b8f5 Build and test Docker on IBM Power and Z using gccgo. Enable CI on Power and Z.
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-11-14 03:16:45 +00:00
unclejack
13963957eb Merge pull request #17877 from aaronlehmann/capped-bytespipe
Cap the amount of buffering done by BytesPipe
2015-11-14 00:51:11 +02:00
Alexander Morozov
f5e318a17b Merge pull request #17090 from duglin/dockerignoreWildcards
Support multi-dir wildcards in .dockerignore
2015-11-13 14:29:34 -08:00
Doug Davis
eddb14a44e Support multi-dir wildcards in .dockerignore
Closes #13113

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-11-13 13:44:07 -08:00
Alexander Morozov
42fa8e3128 Merge pull request #17417 from cpuguy83/15815_add_log_file_poller
Fallback to file polling for jsonlog reader on err
2015-11-13 11:49:54 -08:00
Vladimir Varankin
3830359745 Simplify address formating
Use `net.JoinHostPort()` which count IPv6 literals in `host`,
instead of relying on `net.ParseIP(host).To4()` side effects.

Signed-off-by: Vladimir Varankin <nek.narqo@gmail.com>
2015-11-13 20:32:32 +03:00
Alexander Morozov
59a341ed2a Merge pull request #17833 from rhatdan/signals
Define all of the signals defined by kill -l
2015-11-13 09:03:51 -08:00
Mike Brown
430d8ff611 modifying docker --since and --until to support nanoseconds and time zones
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2015-11-13 09:56:15 -06:00
Vincent Demeester
812a1c149a Merge pull request #13959 from Mashimiao/add-support-blkio_weight_device
Add support for blkio.weight_device
2015-11-12 20:42:13 +01:00
Vincent Demeester
b99b23ba93 Merge pull request #17929 from mqliang/hardCode
Removing TODO in pkg/term/windows
2015-11-12 19:56:09 +01:00
Aaron Lehmann
64f8ee444d Cap the amount of buffering done by BytesPipe
Turn BytesPipe's Read and Write functions into blocking, goroutine-safe
functions. Add a CloseWithError function to propagate an error code to
the Read function.

Adjust tests to work with the blocking Read and Write functions.

Remove BufReader, since now its users can use BytesPipe directly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-12 10:11:29 -08:00
Dan Walsh
d1ae13b0b0 Define all of the signals defined by kill -l
1) SIGHUP	 2) SIGINT	 3) SIGQUIT	 4) SIGILL	 5) SIGTRAP
 6) SIGABRT	 7) SIGBUS	 8) SIGFPE	 9) SIGKILL	10) SIGUSR1
11) SIGSEGV	12) SIGUSR2	13) SIGPIPE	14) SIGALRM	15) SIGTERM
16) SIGSTKFLT	17) SIGCHLD	18) SIGCONT	19) SIGSTOP	20) SIGTSTP
21) SIGTTIN	22) SIGTTOU	23) SIGURG	24) SIGXCPU	25) SIGXFSZ
26) SIGVTALRM	27) SIGPROF	28) SIGWINCH	29) SIGIO	30) SIGPWR
31) SIGSYS	34) SIGRTMIN	35) SIGRTMIN+1	36) SIGRTMIN+2	37) SIGRTMIN+3
38) SIGRTMIN+4	39) SIGRTMIN+5	40) SIGRTMIN+6	41) SIGRTMIN+7	42) SIGRTMIN+8
43) SIGRTMIN+9	44) SIGRTMIN+10	45) SIGRTMIN+11	46) SIGRTMIN+12	47) SIGRTMIN+13
48) SIGRTMIN+14	49) SIGRTMIN+15	50) SIGRTMAX-14	51) SIGRTMAX-13	52) SIGRTMAX-12
53) SIGRTMAX-11	54) SIGRTMAX-10	55) SIGRTMAX-9	56) SIGRTMAX-8	57) SIGRTMAX-7
58) SIGRTMAX-6	59) SIGRTMAX-5	60) SIGRTMAX-4	61) SIGRTMAX-3	62) SIGRTMAX-2
63) SIGRTMAX-1	64) SIGRTMAX

This will allow users to specify signals by name.  Needed to make docker run --stop-signal
work as defined by systemd.

man systemd

defines the proper way to shutdown a systemd running as pid 1 in a container as

SIGRTMIN+4

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-11-12 09:55:18 -05:00
mqliang
644471bac8 kill TODO
Signed-off-by: mqliang <mqliang.zju@gmail.com>
2015-11-12 16:41:25 +08:00
Alexander Morozov
2337db8205 Merge pull request #17925 from cpuguy83/fix_locker_unit_tests
Use timeouts instead of relying on runtime.GoSched
2015-11-11 18:46:52 -08:00
Brian Goff
fd672d5926 Use timeouts instead of relying on runtime.GoSched
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-11 20:59:07 -05:00