Commit graph

44312 commits

Author SHA1 Message Date
Brian Goff
e0ba440909
Merge pull request #43806 from thaJeztah/22.06_backport_fix_import
[22.06 backport] pkg/parsers/operatingsystem: fix stray import
2022-07-14 08:19:15 -07:00
Sebastiaan van Stijn
269e10a725
Merge pull request #43807 from thaJeztah/22.06_backport_gofmt_119
[22.06 backport] format (GoDoc) comments with Go 1.19 to prepare for future updates
2022-07-14 16:48:12 +02:00
Sebastiaan van Stijn
149b7e7f03
Merge pull request #43805 from thaJeztah/22.06_backport_bump_go_1.18.4
[22.06 backport] update golang to 1.18.4
2022-07-14 16:47:51 +02:00
Sebastiaan van Stijn
c51efa8617
docs: add API v1.42
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 264b41fb9e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:49:14 +02:00
Sebastiaan van Stijn
52791b1c14
client: errors: remove dead code
- Update IsErrNotFound() to check for the current type before falling back to
  detecting the deprecated type.
- Remove unauthorizedError and notImplementedError types, which were not used.
- IsErrPluginPermissionDenied() was added in 7c36a1af03,
  but not used at the time, and still appears to be unused.
- Deprecate IsErrUnauthorized in favor of errdefs.IsUnauthorized()
- Deprecate IsErrNotImplemented in favor of errdefs,IsNotImplemented()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ee230d8fdd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:44:43 +02:00
Sebastiaan van Stijn
cdbca4061b
gofmt GoDoc comments with go1.19
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 52c1a2fae8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:42:29 +02:00
Sebastiaan van Stijn
c52e221207
gofmt files
result of:

    gofmt -s -w $(find . -type f -name '*.go' | grep -v "/vendor/")

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6668801d40)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:42:26 +02:00
Sebastiaan van Stijn
e417e8dfc2
pkg/parsers/operatingsystem: fix stray import
This was caught by goimports;

    goimports -w $(find . -type f -name '*.go'| grep -v "/vendor/")

CI doesn't run on these platforms, so didn't catch it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e4e819b49c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:40:22 +02:00
Sebastiaan van Stijn
6905fe7488
update golang to 1.18.4
go1.18.4 (released 2022-07-12) includes security fixes to the compress/gzip,
encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath
packages, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package. See the Go 1.18.4 milestone on the
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.4+label%3ACherryPickApproved

This update addresses:

CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631,
CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, and CVE-2022-32148.

Full diff: https://github.com/golang/go/compare/go1.18.3...go1.18.4

From the security announcement;
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

We have just released Go versions 1.18.4 and 1.17.12, minor point releases. These
minor releases include 9 security fixes following the security policy:

- net/http: improper sanitization of Transfer-Encoding header

  The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating
  a "chunked" encoding. This could potentially allow for request smuggling, but
  only if combined with an intermediate server that also improperly failed to
  reject the header as invalid.

  This is CVE-2022-1705 and https://go.dev/issue/53188.

- When `httputil.ReverseProxy.ServeHTTP` was called with a `Request.Header` map
  containing a nil value for the X-Forwarded-For header, ReverseProxy would set
  the client IP as the value of the X-Forwarded-For header, contrary to its
  documentation. In the more usual case where a Director function set the
  X-Forwarded-For header value to nil, ReverseProxy would leave the header
  unmodified as expected.

  This is https://go.dev/issue/53423 and CVE-2022-32148.

  Thanks to Christian Mehlmauer for reporting this issue.

- compress/gzip: stack exhaustion in Reader.Read

  Calling Reader.Read on an archive containing a large number of concatenated
  0-length compressed files can cause a panic due to stack exhaustion.

  This is CVE-2022-30631 and Go issue https://go.dev/issue/53168.

- encoding/xml: stack exhaustion in Unmarshal

  Calling Unmarshal on a XML document into a Go struct which has a nested field
  that uses the any field tag can cause a panic due to stack exhaustion.

  This is CVE-2022-30633 and Go issue https://go.dev/issue/53611.

- encoding/xml: stack exhaustion in Decoder.Skip

  Calling Decoder.Skip when parsing a deeply nested XML document can cause a
  panic due to stack exhaustion. The Go Security team discovered this issue, and
  it was independently reported by Juho Nurminen of Mattermost.

  This is CVE-2022-28131 and Go issue https://go.dev/issue/53614.

- encoding/gob: stack exhaustion in Decoder.Decode

  Calling Decoder.Decode on a message which contains deeply nested structures
  can cause a panic due to stack exhaustion.

  This is CVE-2022-30635 and Go issue https://go.dev/issue/53615.

- path/filepath: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-30632 and Go issue https://go.dev/issue/53416.

- io/fs: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  This is CVE-2022-30630 and Go issue https://go.dev/issue/53415.

- go/parser: stack exhaustion in all Parse* functions

  Calling any of the Parse functions on Go source code which contains deeply
  nested types or declarations can cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-1962 and Go issue https://go.dev/issue/53616.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 34b8670b1a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:37:32 +02:00
Brian Goff
c3eecf0aa9
Merge pull request #43775 from bpascard/43774-seccomp-clock-settime64 2022-07-07 07:37:43 -07:00
Bastien Pascard
420142a886 profiles: seccomp: allow clock_settime64 when CAP_SYS_TIME is added
Signed-off-by: Bastien Pascard <bpascard@hotmail.com>
2022-07-06 23:45:13 +02:00
Tianon Gravi
d7f2e47224
Merge pull request #43764 from thaJeztah/build_no_checksums
hack: don't generate checksums for individual binaries
2022-07-05 13:29:57 -07:00
Sebastiaan van Stijn
a98bd75256
Merge pull request #43765 from thaJeztah/update_golangci_lint
Dockerfile: update golangci-lint to v1.46.2, replace golint with revive
2022-07-05 10:46:45 +02:00
Sebastiaan van Stijn
71e2aa78e4
hack: don't generate checksums for individual binaries
The script to build (static)binaries also generated checksums for all binaries
and scripts included. These checksums were not used, and not included when
releasing packages (which are a `tar.gz` for which a separate checksum would
be generated).

Removing these checksums, as they're unused, and complicated using these
artifacts for packagers (who would have to exclude them after building).

Before this:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy
    ├── docker-proxy.md5
    ├── docker-proxy.sha256
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── dockerd.md5
    ├── dockerd.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 36 files
```

After this:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── ctr
    ├── docker-init
    ├── docker-proxy
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless.sh
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── runc
    └── vpnkit

1 directory, 12 files
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 13:23:00 +02:00
Sebastiaan van Stijn
46f598728b
Merge pull request #43762 from thaJeztah/build_no_version
hack: remove version from binaries, and remove symlinks
2022-07-04 13:05:09 +02:00
Sebastiaan van Stijn
1cab8eda24
replace golint with revive, as it's deprecated
WARN [runner] The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:54 +02:00
Sebastiaan van Stijn
65e1adc219
Dockerfile: update golangci-lint to v1.46.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:30 +02:00
Sebastiaan van Stijn
968ff5ab44
fix some minor linting issues
libnetwork/firewall_linux.go:11:21: var-declaration: should drop = nil from declaration of var ctrl; it is the zero value (revive)
        ctrl *controller = nil
                           ^
    distribution/pull_v2_test.go:213:4: S1038: should use t.Fatalf(...) instead of t.Fatal(fmt.Sprintf(...)) (gosimple)
                t.Fatal(fmt.Sprintf("expected formatPlatform to show windows platform with a version, but got '%s'", result))
                ^
    integration-cli/docker_cli_build_test.go:5951:3: S1038: should use c.Skipf(...) instead of c.Skip(fmt.Sprintf(...)) (gosimple)
            c.Skip(fmt.Sprintf("Bug fixed in 18.06 or higher.Skipping it for %s", testEnv.DaemonInfo.ServerVersion))
            ^
    integration-cli/docker_cli_daemon_test.go:240:3: S1038: should use c.Skipf(...) instead of c.Skip(fmt.Sprintf(...)) (gosimple)
            c.Skip(fmt.Sprintf("New base device size (%v) must be greater than (%s)", units.HumanSize(float64(newBasesizeBytes)), units.HumanSize(float64(oldBasesizeBytes))))
            ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:28 +02:00
Sebastiaan van Stijn
10c56efa97
linting: error strings should not be capitalized (revive)
client/request.go:183:28: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                    err = errors.Wrap(err, "In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.")
                                           ^
    client/request.go:186:28: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                    err = errors.Wrap(err, "This error may indicate that the docker daemon is not running.")
                                           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-04 10:15:06 +02:00
Sebastiaan van Stijn
abaf69481f
Merge pull request #43763 from thaJeztah/cleanup_e2e
Dockerfile: remove redundant variable, and upgrade to latest 1.x stable syntax
2022-07-02 19:55:19 +02:00
Sebastiaan van Stijn
2e16286575
Merge pull request #43761 from thaJeztah/delve_arches
Dockerfile: don't install delve on ppc64le, s390x
2022-07-02 19:11:51 +02:00
Sebastiaan van Stijn
f55f39c0c2
Merge pull request #39792 from philsphicas/39791-apparmor-template-fix
Fix AppArmor profile docker-default /proc/sys rule
2022-07-02 17:10:44 +02:00
Sebastiaan van Stijn
e5a1514c6e
Dockerfile: update to latest syntax
It was pinned to the 1.3 version; removing the minor version to
make sure we're on the latest 1.x stable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-02 17:01:57 +02:00
Sebastiaan van Stijn
43feaa9f8f
Dockerfile.e2e: remove redundant INSTALL_BINARY_NAME
It's only used in a single place, so may as well just hard-code it

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-02 17:00:34 +02:00
Sebastiaan van Stijn
d6f9b4d73b
hack: remove version from binaries, and remove symlinks
There may have been some historic reason for doing this, but I couldn't find
a practical use for building the (some) binaries with a version (default: "dev")
included, only to use a symlink to refer to the actual binary.

This patch removes the "${VERSION}" from the binary names in bundles, and
removes the code that created symlinks for them.

Before this patch:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy -> docker-proxy-22.06.0-beta.1
    ├── docker-proxy-22.06.0-beta.1
    ├── docker-proxy-22.06.0-beta.1.md5
    ├── docker-proxy-22.06.0-beta.1.sha256
    ├── dockerd -> dockerd-22.06.0-beta.1
    ├── dockerd-22.06.0-beta.1
    ├── dockerd-22.06.0-beta.1.md5
    ├── dockerd-22.06.0-beta.1.sha256
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 38 files
```

After this patch:

```bash
rm -rf ./bundles
docker buildx build --build-arg VERSION=22.06.0-beta.1 --output ./bundles --target binary .

tree bundles
bundles
└── binary-daemon
    ├── containerd
    ├── containerd-shim-runc-v2
    ├── containerd-shim-runc-v2.md5
    ├── containerd-shim-runc-v2.sha256
    ├── containerd.md5
    ├── containerd.sha256
    ├── ctr
    ├── ctr.md5
    ├── ctr.sha256
    ├── docker-init
    ├── docker-init.md5
    ├── docker-init.sha256
    ├── docker-proxy
    ├── docker-proxy.md5
    ├── docker-proxy.sha256
    ├── dockerd
    ├── dockerd-rootless-setuptool.sh
    ├── dockerd-rootless-setuptool.sh.md5
    ├── dockerd-rootless-setuptool.sh.sha256
    ├── dockerd-rootless.sh
    ├── dockerd-rootless.sh.md5
    ├── dockerd-rootless.sh.sha256
    ├── dockerd.md5
    ├── dockerd.sha256
    ├── rootlesskit
    ├── rootlesskit-docker-proxy
    ├── rootlesskit-docker-proxy.md5
    ├── rootlesskit-docker-proxy.sha256
    ├── rootlesskit.md5
    ├── rootlesskit.sha256
    ├── runc
    ├── runc.md5
    ├── runc.sha256
    ├── vpnkit
    ├── vpnkit.md5
    └── vpnkit.sha256

1 directory, 36 files
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-02 16:57:51 +02:00
Sebastiaan van Stijn
2b0bd34d47
Dockerfile: don't install delve on ppc64le, s390x
Delve on Linux is currently only supported on amd64 and arm64;
https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6

On ppc64le and s390x, trying to install and run it, caused the
build to fail:

    RUN --mount=type=cache,target=/root/.cache/go-build     --mount=type=cache,target=/go/pkg/mod         GOBIN=/build/ GO111MODULE=on go install "github.com/go-delve/delve/cmd/dlv@v1.8.1"      && /build/dlv --help:

    pkg/mod/github.com/go-delve/delve@v1.8.1/service/debugger/debugger.go:28:2: found packages native (dump_linux.go) and your_operating_system_and_architecture_combination_is_not_supported_by_delve (support_sentinel.go) in /go/pkg/mod/github.com/go-delve/delve@v1.8.1/pkg/proc/native
    Error: failed to solve: executor failed running [/bin/sh -c GOBIN=/build/ GO111MODULE=on go install "github.com/go-delve/delve/cmd/dlv@${DELVE_VERSION}"      && /build/dlv --help]: exit code: 1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-02 15:44:13 +02:00
Brian Goff
3e7e81b68f
Merge pull request #42542 from zhangyoufu/libnetwork-ipvlan-enhance
drivers/ipvlan: add ipvlan_flag option, support l3s ipvlan_mode
2022-06-30 13:13:28 -07:00
Sebastiaan van Stijn
3cfa12eea8
Merge pull request #43754 from dperny/update-cluster-volumes-docs
Add more detail to cluster volumes docs
2022-06-30 21:22:03 +02:00
Phil Sphicas
66f14e4ae9 Fix AppArmor profile docker-default /proc/sys rule
The current docker-default AppArmor profile intends to block write
access to everything in `/proc`, except for `/proc/<pid>` and
`/proc/sys/kernel/shm*`.

Currently the rules block access to everything in `/proc/sys`, and do
not successfully allow access to `/proc/sys/kernel/shm*`. Specifically,
a path like /proc/sys/kernel/shmmax matches this part of the pattern:

    deny @{PROC}/{[^1-9][^0-9][^0-9][^0-9]*     }/** w,
         /proc  / s     y     s     /     kernel /shmmax

This patch updates the rule so that it works as intended.

Closes #39791

Signed-off-by: Phil Sphicas <phil.sphicas@att.com>
2022-06-30 21:12:58 +02:00
Sebastiaan van Stijn
cceead243e
Merge pull request #43757 from thaJeztah/align_containerd_versions
Dockerfile: use consistent format for CONTAINERD_VERSION
2022-06-30 21:07:59 +02:00
Brian Goff
54fc2812e0
Merge pull request #42155 from Snorch/integration-cli-fix-race-in-TestServiceLogsFollow
integration-cli: Fix race in TestServiceLogsFollow test case
2022-06-30 11:39:32 -07:00
Sebastiaan van Stijn
df97b9c663
Merge pull request #43759 from vvoland/labels-regression
project: Add label kind/regression
2022-06-30 20:38:09 +02:00
Paweł Gronowski
3a3a0cb54e project: Add label kind/regression
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-06-30 15:08:02 +02:00
Sebastiaan van Stijn
4e632a13c3
Dockerfile: use consistent format for CONTAINERD_VERSION
The Windows Dockerfile did not use a "v" prefix, whereas the
hack/dockerfile/install/containerd.installer did. While we're
not overriding these versions currently through build-args, doing
so would result in one of them being incorrect.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-30 14:28:37 +02:00
Sebastiaan van Stijn
1ed7999cb0
Merge pull request #43752 from thaJeztah/less_replaces
vendor: reduce replace rules, and update some dependencies
2022-06-30 13:42:10 +02:00
Sebastiaan van Stijn
90fce781d9
Merge pull request #43732 from thaJeztah/daemon_fix_hosts_validation_step1c1
daemon: refactor config loading
2022-06-30 01:15:30 +02:00
Sebastiaan van Stijn
6cd0171868
Merge pull request #43744 from crazy-max/fix-copy-link
build: force unlazy of refs by calling extract
2022-06-29 20:29:50 +02:00
Sebastiaan van Stijn
1f187e640c
daemon/config: use more assertions in tests
Removes some custom handling, some of which were giving the wrong
error on failure ("expected no error" when we were checking for an
error).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:23 +02:00
Sebastiaan van Stijn
10e42f599a
daemon/config: TestUnixValidateConfigurationErrors: use subtests
Use sub-tests and make sure we get the expected error

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:21 +02:00
Sebastiaan van Stijn
751222d907
daemon/config: verify that flags were set correctly in tests
To prevent (e.g.) introducing a typo in the flag-name and invalidating
the tests because of that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:20 +02:00
Sebastiaan van Stijn
f73aadb230
daemon/config: New(): set more defaults
Set the defaults when constructing the config, instead of setting them
indirectly through the command-line flags.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:18 +02:00
Sebastiaan van Stijn
a0d0db126c
daemon/config: set default MTU when initializing config
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:16 +02:00
Sebastiaan van Stijn
62f71c4505
daemon/config: fix TestDaemonConfigurationMerge
This test was validating that the config file would not overwrite the
log-opt, but the test did not set up the flags correctly; as the flags
were not marked as "changed", it would not detect a conflict between
the config-file and daemon-flags.

This patch:

- removes the incorrect fields from the JSON file
- initializes the Config using config.New(), so that any defaults are also set
- sets flag values by actually setting them through the flags

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:14 +02:00
Sebastiaan van Stijn
9b39cab510
daemon/config: improve some tests
- TestReloadWithDuplicateLabels() also check value
- TestReloadDefaultConfigNotExist, TestReloadBadDefaultConfig,
  TestReloadWithConflictingLabels: verify that config is not
  reloaded.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:59:08 +02:00
Sebastiaan van Stijn
f8231c62f4
daemon/config: Validate() also validate default MTU
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:08 +02:00
Sebastiaan van Stijn
fce7ebdaa5
cmd/dockerd: loadDaemonCliConfig() safeguard for unparsed flags
This function depends on flags having been parsed before it's used;
add a safety-net in case this function would be called before that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:06 +02:00
Sebastiaan van Stijn
0281f50efa
cmd/dockerd: move setting defaults to loadDaemonCliConfig()
Move changes to follow, but this moves the code to a more logical place.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:05 +02:00
Sebastiaan van Stijn
717a503590
api: add Hosts to API Config
This makes the API configuration more self-contained.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:03 +02:00
Sebastiaan van Stijn
fee8a6a5c4
cmd/dockerd: make newAPIServerConfig() more idiomatic
Construct the TLSConfig if needed, before constructing and returning the whole config.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:01 +02:00
Sebastiaan van Stijn
b053376741
cmd/dockerd: reserve port before creating sockets/listeners
This prevents creating a socket and touching the filesystem before
trying to use a port that was already in use by a container.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-29 19:55:00 +02:00