- Because of a bug, all the statically preallocated
bridge networks have /24 as network mask.
Signed-off-by: Alessandro Boch <aboch@docker.com>
(cherry picked from commit dab0447ae0)
Use updated notary to pick up updates from security review
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit d594c6fcd8)
This version includes a fix that avoids checking against specific HTTP
status codes. The previous behavior violated the registry API spec.
Fixes#14975
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 091dbc1034)
* Add godoc documentation where it was missing
* Change identifier names that don't match Go style, such as INDEX_NAME
* Rename RegistryInfo to PingResult, which more accurately describes
what this structure is for. It also has the benefit of making the name
not stutter if used outside the package.
Updates #14756
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Currently the vendor script removes directories which do not have imported go packages, however this also ends up removing license files which may be other directories.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
By default, using go with package will only validate the go file for the
current platform (or at last misses file_windows.go for example). This
tries to fix that.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Wraps the engine itself with an AppArmor policy.
This restricts what may be done by applications
we call out to, such as 'xz'.
Significantly, this policy also restricts the policies
to which a container may be spawned into. By default,
users will be able to transition to an unconfined
policy or any policy prefaced with 'docker-'.
Local operators may add new local policies prefaced
with 'docker-' without needing to modify this policy.
Operators choosing to disable privileged containers
will need to modify this policy to remove access
to change_policy to unconfined.
Signed-off-by: Eric Windisch <eric@windisch.us>
The docker-py commit used in the standard `Dockerfile` is from Feb. 2015
and is out of date with the current API level and has fixes for things
like the new docker cli config location and registry v2 changes/API
responses as well.
Also pass "NOT_ON_HOST=true" to docker-py test suite so that tests
relying on direct HOST interaction (versus running in a container) are
skipped.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fix the following warnings:
pkg/mount/mountinfo.go:5:6: type name will be used as mount.MountInfo by other packages, and that stutters; consider calling this Info
pkg/mount/mountinfo.go:7:2: struct field Id should be ID
Signed-off-by: Antonio Murdaca <runcom@linux.com>
