Commit graph

46063 commits

Author SHA1 Message Date
Sebastiaan van Stijn
0538cdd226
integration-cli: update error-assertions in tests
- use is.ErrorType
- replace uses of client.IsErrNotFound for errdefs.IsNotFound, as
  the client no longer returns the old error-type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-10 22:13:50 +02:00
Sebastiaan van Stijn
66ff1e063e
client: update error-assertions in tests
- use is.ErrorType
- replace uses of client.IsErrNotFound for errdefs.IsNotFound, as
  the client no longer returns the old error-type.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-10 22:13:38 +02:00
Sebastiaan van Stijn
685b3d820a
client: make IsErrNotFound an alias for errdefs.IsNotFound
None of the client will return the old error-types, so there's no need
to keep the compatibility code. We can consider deprecating this function
in favor of the errdefs equivalent this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-10 21:52:43 +02:00
Sebastiaan van Stijn
f70d9933d1
Merge pull request #45427 from laurazard/c8d-fix-incomplete-images
c8d: implement missing image delete logic
2023-05-10 18:01:45 +02:00
Sebastiaan van Stijn
3f7fde76c2
Merge pull request #45507 from corhere/cleanup-reexec-inits
[chore] clean up reexec.Init() calls
2023-05-10 11:49:11 +02:00
Brian Goff
03885e1b00
Merge pull request #45490 from Jeyanthinath/consistent_alias
fixing consistent aliases for OCI spec imports
2023-05-09 16:33:32 -07:00
Cory Snider
4e0319c878 [chore] clean up reexec.Init() calls
Now that most uses of reexec have been replaced with non-reexec
solutions, most of the reexec.Init() calls peppered throughout the test
suites are unnecessary. Furthermore, most of the reexec.Init() calls in
test code neglects to check the return value to determine whether to
exit, which would result in the reexec'ed subprocesses proceeding to run
the tests, which would reexec another subprocess which would proceed to
run the tests, recursively. (That would explain why every reexec
callback used to unconditionally call os.Exit() instead of returning...)

Remove unneeded reexec.Init() calls from test and example code which no
longer needs it, and fix the reexec.Init() calls which are not inert to
exit after a reexec callback is invoked.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-09 19:13:17 -04:00
Sebastiaan van Stijn
b07d2a3827
Merge pull request #45486 from thaJeztah/daemon_monitor_logclean
daemon: handleContainerExit(): use logrus.WithFields
2023-05-10 00:51:50 +02:00
Sebastiaan van Stijn
563fc92dd4
Merge pull request #45496 from thaJeztah/pkg_aaparser_deprecate_version
pkg/aaparser: deprecate GetVersion, as it's no longer used
2023-05-09 19:18:39 +02:00
Sebastiaan van Stijn
b587c5a2f8
Merge pull request #45501 from laurazard/c8d-image-history
c8d: add image history
2023-05-09 18:46:44 +02:00
Laura Brehm
e8be792130
c8d: fix missing image history
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-05-09 16:19:05 +01:00
Sebastiaan van Stijn
e3e715666f
pkg/aaparser: deprecate GetVersion, as it's no longer used
Our templates no longer contain version-specific rules, so this function
is no longer used. This patch deprecates it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 16:47:03 +02:00
Sebastiaan van Stijn
06221297bf
Merge pull request #45495 from thaJeztah/apparmor_remove_version_code
profiles/apparmor: remove use of aaparser.GetVersion()
2023-05-09 16:46:32 +02:00
Sebastiaan van Stijn
a8b1ce2447
Merge pull request #45492 from thaJeztah/contrib_apparmor_remove_version
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
2023-05-09 16:46:08 +02:00
Jeyanthinath Muthuram
71d7908656
added alias validation
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 19:03:44 +05:30
Sebastiaan van Stijn
ecaab085db
profiles/apparmor: remove use of aaparser.GetVersion()
commit 7008a51449 removed version-conditional
rules from the template, so we no longer need the apparmor_parser Version.

This patch removes the call to `aaparser.GetVersion()`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-08 13:50:13 +02:00
Sebastiaan van Stijn
f445ee1e6c
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
Commit 2e19a4d56b removed all other version-
conditional statements from the AppArmor template, but left this one in place.

These conditions were added in 8cf89245f5
to account for old versions of debian/ubuntu (apparmor_parser < 2.9)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the remaining conditionals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-08 13:17:59 +02:00
Jeyanthinath Muthuram
307b09e7eb
fixing consistent aliases for OCI spec imports
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 15:27:52 +05:30
Sebastiaan van Stijn
c651a53558
Merge pull request #45488 from doringeman/dorin.geman/execDuration-in-containerExit
daemon: handleContainerExit(): add execDuration in attributes
2023-05-08 11:14:28 +02:00
Sebastiaan van Stijn
d9d9950d8d
Merge pull request #45482 from thaJeztah/docs_api_fix_missing_endpoint
docs/api: version-history: also mention /system/df for VirtualSize
2023-05-08 11:03:40 +02:00
Dorin Geman
2ad37e1832 daemon: handleContainerExit(): add execDuration in attributes
Add `execDuration` field to the event attributes map. This is useful for tracking how long the container ran.

Signed-off-by: Dorin Geman <dorin.geman@docker.com>
2023-05-08 10:26:33 +03:00
Laura Brehm
cad97135b3
c8d: implement missing image delete logic
Ports over all the previous image delete logic, such as:
- Introduce `prune` and `force` flags
- Introduce the concept of hard and soft image delete conflics, which represent:
  - image referenced in multiple tags (soft conflict)
  - image being used by a stopped container (soft conflict)
  - image being used by a running container (hard conflict)
- Implement delete logic such as:
  - if deleting by reference, and there are other references to the same image, just
    delete the passed reference
  - if deleting by reference, and there is only 1 reference and the image is being used
    by a running container, throw an error if !force, or delete the reference and create
    a dangling reference otherwise
  - if deleting by imageID, and force is true, remove all tags (otherwise soft conflict)
  - if imageID, check if stopped container is using the image (soft conflict), and
    delete anyway if force
  - if imageID was passed in, check if running container is using the image (hard conflict)
  - if `prune` is true, and the image being deleted has dangling parents, remove them

This commit also implements logic to get image parents in c8d by comparing shared layers.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-05-08 02:32:03 +01:00
Sebastiaan van Stijn
de363f1404
daemon: handleContainerExit(): use logrus.WithFields
Use `WithFields()` instead of chaining multiple `WithField()` calls.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-07 21:24:34 +02:00
Sebastiaan van Stijn
fdc7a78652
docs/api: version-history: also mention /system/df for VirtualSize
Commit 1261fe69a3 deprecated the VirtualSize
field, but forgot to mention that it's also included in the /system/df
endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:28:37 +02:00
Sebastiaan van Stijn
88f4bf4ae4
Merge pull request #45468 from thaJeztah/bump_api_1.44
API: bump version to 1.44
2023-05-06 15:10:59 +02:00
Sebastiaan van Stijn
fd0b109bf7
API: bump version to 1.44
The 24.0 branch was created, so changes in master/main should now be
targeting the next version of the API (1.44).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 01:41:49 +02:00
Sebastiaan van Stijn
8d9a40a820
Merge pull request #45467 from thaJeztah/sync_api_docs
api: synchronize api/swagger.yaml with docs/api/v1.43.yaml
2023-05-06 00:24:07 +02:00
Tianon Gravi
acce6043e0
Merge pull request #45476 from thaJeztah/vendor_containerd_1.6.21
vendor: github.com/containerd/containerd v1.6.21
2023-05-05 20:54:33 +00:00
Sebastiaan van Stijn
a87313497b
vendor: github.com/containerd/containerd v1.6.21
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.21

Notable Updates

- update runc binary to v1.1.7
- Remove entry for container from container store on error
- oci: partially restore comment on read-only mounts for uid/gid uses
- windows: Add ArgsEscaped support for CRI
- oci: Use WithReadonlyTempMount when adding users/groups
- archive: consistently respect value of WithSkipDockerManifest

full diff: https://github.com/containerd/containerd/compare/c0efc63d3907...v1.6.21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 19:52:17 +02:00
Sebastiaan van Stijn
5f36d4af15
api: synchronize api/swagger.yaml with docs/api/v1.43.yaml
- forward-port changes from 0ffaa6c785 to api/swagger.yaml (v1.44-dev)
- backports the changes to v1.43;
  - Update container OOMKilled flag immediately 57d2d6ef62
  - Add no-new-privileges to SecurityOptions returned by /info eb7738221c
  - API: deprecate VirtualSize field for /images/json and /images/{id}/json 1261fe69a3
  - api/types/container: create type for changes endpoint dbb48e4b29
  - builder-next/prune: Handle "until" filter timestamps 54a125f677

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 01:10:20 +02:00
Brian Goff
698fa85f38
Merge pull request #45463 from corhere/copy-xattr-notsupp
d/graphdriver/copy: support src fs w/o xattr support
2023-05-04 12:00:50 -07:00
Sebastiaan van Stijn
8a4b095a94
Merge pull request #45353 from thaJeztah/api_container_change_type
api/types/container: create type for changes endpoint
2023-05-04 19:48:40 +02:00
Sebastiaan van Stijn
0e8eea5a70
Merge pull request #45338 from thaJeztah/split_securityoptions
container: split security options to a SecurityOptions struct
2023-05-04 19:47:24 +02:00
Cory Snider
2b6761fd3e d/graphdriver/copy: support src fs w/o xattr support
Treat copying extended attributes from a source filesystem which does
not support extended attributes as a no-op, same as if the file did not
possess the extended attribute. Only fail copying extended attributes if
the source file has the attribute and the destination filesystem does
not support xattrs.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-04 12:30:59 -04:00
Sebastiaan van Stijn
7d7749ee47
Merge pull request #45429 from thaJeztah/libnetwork_cleanup_buildtags_and_stubs
libnetwork: remove redundant init(), remove dead code, and fix stubs / build-tags
2023-05-04 17:48:15 +02:00
Sebastiaan van Stijn
5c052e6c04
Merge pull request #45456 from thaJeztah/update_go1.20.4
update go to go1.20.4
2023-05-04 15:27:53 +02:00
Sebastiaan van Stijn
506b86773d
Merge pull request #45442 from thaJeztah/jsonmessage_refactor
pkg/jsonmessage: JSONMessage.Display(): remove special case for 401 errors
2023-05-04 14:59:48 +02:00
Sebastiaan van Stijn
3e6092f5b2
pkg/jsonmessage: touch-up GoDoc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:11 +02:00
Sebastiaan van Stijn
05cb0e5a7d
pkg/jsonmessage: JSONProgress.String(), JSONProgress.now(): simplify
- inline an intermediate variable
- remove a redundant intermediate function

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:10 +02:00
Sebastiaan van Stijn
4cadee65b3
pkg/jsonmessage: JSONMessage.Display(): remove special case for 401 errors
This special case was added in 3043c26419 as
a sentinel error (`AuthRequiredError`) to check whether authentication
is required (and to prompt the users to authenticate). A later refactor
(946bbee39a) removed the `AuthRequiredError`,
but kept the error-message and logic.

Starting with fcee6056dc, it looks like we
no longer depend on this specific error, so we can return the registry's
error message instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:10 +02:00
Sebastiaan van Stijn
2adec6c8c0
Merge pull request #45438 from thaJeztah/c8d_fix_image_commit
c8d: commit: generateCommitImageConfig: don't merge image config
2023-05-04 11:28:43 +02:00
Sebastiaan van Stijn
66cf0e3f55
client: slightly improve ContainerDiff tests
- use gotest.tools for asserting
- check result returned

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:25:07 +02:00
Sebastiaan van Stijn
dbb48e4b29
api/types/container: create type for changes endpoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:23:42 +02:00
Sebastiaan van Stijn
b7e8868235
update go to go1.20.4
go1.20.4 (released 2023-05-02) includes three security fixes to the html/template
package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle,
crypto/tls, net/http, and syscall packages. See the Go 1.20.4 milestone on our
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved

release notes: https://go.dev/doc/devel/release#go1.20.4
full diff: https://github.com/golang/go/compare/go1.20.3...go1.20.4

from the announcement:

> These minor releases include 3 security fixes following the security policy:
>
> - html/template: improper sanitization of CSS values
>
>   Angle brackets (`<>`) were not considered dangerous characters when inserted
>   into CSS contexts. Templates containing multiple actions separated by a '/'
>   character could result in unexpectedly closing the CSS context and allowing
>   for injection of unexpected HMTL, if executed with untrusted input.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
>
> - html/template: improper handling of JavaScript whitespace
>
>   Not all valid JavaScript whitespace characters were considered to be
>   whitespace. Templates containing whitespace characters outside of the character
>   set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain
>   actions may not be properly sanitized during execution.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24540 and Go issue https://go.dev/issue/59721.
>
> - html/template: improper handling of empty HTML attributes
>
>   Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}")
>   executed with empty input could result in output that would have unexpected
>   results when parsed due to HTML normalization rules. This may allow injection
>   of arbitrary attributes into tags.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-29400 and Go issue https://go.dev/issue/59722.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 20:42:33 +02:00
Sebastiaan van Stijn
1c2d8c8663
Merge pull request #45441 from thaJeztah/vendor_runtime_spec_v1.1.0-rc.2
vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2
2023-05-03 02:45:06 +02:00
Brian Goff
ab0377746a
Merge pull request #44583 from thaJeztah/update_term
vendor: github.com/moby/term v0.5.0
2023-05-02 09:10:33 -07:00
Sebastiaan van Stijn
bf3c156654
vendor: github.com/moby/term v0.5.0
- split exported functions from implementation
- windows: IsConsole(): fix deprecation comment
- deprecate Termios in favor of unix.Termios
- windows: keyToString(): fix string conversion
- gha: update actions, add macOS, and add Go1.20
- gha: add windows

full diff: 1aeaba8785...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-02 14:14:17 +02:00
Sebastiaan van Stijn
c1d420ec60
vendor: github.com/moby/term v0.0.0-20221205130635-1aeaba878587
term: remove interrupt handler on termios

On termios platforms, interrupt signals are not generated in raw mode
terminals as the ISIG setting is not enabled. Remove interrupt handler
as it does nothing for raw mode and prevents other uses of INT signal
with this library.

This code seems to go back all the way to moby/moby#214 where signal
handling was improved for monolithic docker repository. Raw mode -ISIG
got reintroduced in moby/moby@3f63b87807, but the INT handler was left
behind.

full diff: abb19827d3...1aeaba8785

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-30 20:44:17 +02:00
Sebastiaan van Stijn
0df38c3e2b
vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2
release notes: https://github.com/opencontainers/runtime-spec/releases/tag/v1.1.0-rc.2

Additions

- config-linux: add support for rsvd hugetlb cgroup
- features: add features.md to formalize the runc features JSON
- config-linux: add support for time namespace

Minor fixes and documentation

- config-linux: clarify where device nodes can be created
- runtime: remove When serialized in JSON, the format MUST adhere to the following pattern
- Update CI to Go 1.20
- config: clarify Linux mount options
- config-linux: fix url error
- schema: fix schema for timeOffsets
- schema: remove duplicate keys

full diff: https://github.com/opencontainers/runtime-spec/compare/v1.1.0-rc.1...v1.1.0-rc.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-30 19:54:38 +02:00
Sebastiaan van Stijn
0ea9305f99
Merge pull request #45423 from thaJeztah/vendor_runc_1.1.7
vendor: github.com/opencontainers/runc v1.1.7
2023-04-30 19:53:31 +02:00