Commit graph

2393 commits

Author SHA1 Message Date
Sebastiaan van Stijn
4bc310c11b
bump runc binary v1.0.0-rc8
full diff: 029124da7a...425e105d5a

- opencontainers/runc#2043 Vendor in latest selinux code for keycreate errors

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-25 18:57:00 -07:00
Akihiro Suda
63a66b0eb0 rootless: optional support for lxc-user-nic SUID binary
lxc-user-nic can eliminate slirp overhead but needs /etc/lxc/lxc-usernet to be configured for the current user.

To use lxc-user-nic, $DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic also needs to be set.

This commit also bumps up RootlessKit from v0.3.0 to v0.4.0:
70e0502f32...e92d5e772e

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-04-25 23:54:30 +09:00
Sebastiaan van Stijn
2bfa24b393
Merge pull request #39129 from thaJeztah/bump_libnetwork
bump libnetwork 9ff9b57c344df5cd47443ad9e65702ec85c5aeb0
2019-04-23 23:27:07 +02:00
Sebastiaan van Stijn
7f2c564b23
bump libnetwork 9ff9b57c344df5cd47443ad9e65702ec85c5aeb0
full diff: 48f846327b...9ff9b57c34

- docker/libnetwork#2368 (windows) Pick a random host port if the user does not specify a host port

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-23 18:37:36 +02:00
corbin-coleman
edc639e99f Add ability to override the version in make.ps1
Checks for environment variable VERSION if it exists then it sets dockerVersion to VERSION

Signed-off-by: corbin-coleman <corbin.coleman@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
2019-04-19 18:39:57 +00:00
Brian Goff
fbb001d1f9 Add support for setting GOARM in cross target.
This adds to the existing format of `<GOOS>/<GOARCH>` to allow for
`<GOOS>/arm/v<GOARM>`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-04-17 13:19:14 -07:00
Sebastiaan van Stijn
23416c1b36
re-align userland-proxy with vendored version
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-15 18:15:04 +02:00
Brian Goff
61a3285864
Support cross-compile for arm
Pretty much cross-compile doesn't work because  of this:

> profiles/seccomp/seccomp.go:13:2: build constraints exclude all Go files in /go/src/github.com/docker/docker/vendor/github.com/seccomp/libseccomp-golang

This changes adds a new Dockerfile target for cross compilation with the
neccesary arch specific libseccomp packages and CC toolchains.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-10 14:13:32 +02:00
Jintao Zhang
d43a41d7af Update runc 029124da7af7360afa781a0234d1b083550f797c
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2019-04-06 16:53:33 +00:00
Jintao Zhang
8092cfb6e7 Update containerd v1.2.6
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2019-04-06 16:51:56 +00:00
Michael Crosby
265b605118 Move docker-py tests to the end
These tests have bad output and its hard to figure out what went wrong
when one of them fails.  Move them to the end to atleast get the real
test output first and better debug things.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-04-05 10:15:08 -04:00
Tõnis Tiigi
bcaa613d82
Merge pull request #38983 from thaJeztah/bump_libnetwork
bump libnetwork to ebcade70ad1059b070d0040d798ecca359bc5fed
2019-04-03 10:26:47 -07:00
Akihiro Suda
c458822887 bump up rootlesskit
Changes: ed26714429...70e0502f32

Contains the fix for running RootlessKit+VPNKit instances simultaneously with multiple users: https://github.com/rootless-containers/rootlesskit/issues/56

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-04-03 20:08:50 +09:00
Tibor Vass
a0d64a3093
Merge pull request #38913 from AkihiroSuda/rootlesskit-docker-proxy
rootless: expose ports automatically
2019-04-02 19:51:15 -07:00
Sebastiaan van Stijn
3ab093d567
bump libnetwork to ebcade70ad1059b070d0040d798ecca359bc5fed
full diff: 1a06131fb8...ebcade70ad

relevant changes:

- docker/libnetwork#2349 IPVS: Add support for GetConfig/SetConfig
- docker/libnetwork#2343 Revert "debian has iptables-legacy and iptables-nft now"
- docker/libnetwork#2230 Moving IPVLAN driver out of experimental
- docker/libnetwork#2307 Fix for problem where agent is stopped and does not restart
- docker/libnetwork#2303 Touch-up error-message and godoc for ConfigVXLANUDPPort
- docker/libnetwork#2325 Fix possible nil pointer exception
- docker/libnetwork#2302 Use sync.RWMutex for VXLANUDPPort
- docker/libnetwork#2306 Improve error if auto-selecting IP-range failed

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-01 19:40:09 +02:00
Vincent Demeester
da823cf3a5
Merge pull request #38853 from cyphar/integration-cli-ensureImage
integration-cli: don't build -test images if they already exist
2019-03-27 07:32:23 +01:00
Akihiro Suda
f0b405fbda rootless: expose ports automatically
Now `docker run -p` ports can be exposed to the host namespace automatically when `dockerd-rootless.sh` is launched with
`--userland-proxy --userland-proxy-path $(which rootlesskit-docker-proxy)`.
This is akin to how Docker for Mac/Win works with `--userland-proxy-path=/path/to/vpnkit-expose-port`.

The port number on the host namespace needs to be set to >= 1024.
SCTP ports are currently unsupported.

RootlessKit changes: 7bbbc48a6f...ed26714429

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-03-21 02:44:08 +09:00
Yong Tang
87d593639c
Merge pull request #38860 from xichengliudui/fixtypos
Delete duplicate words
2019-03-15 10:01:54 -07:00
xichengliudui
1d62807db3 Delete duplicate words
update pull request

Signed-off-by: “xichengliudui” <“liuduidui@beyondcent.com”>
2019-03-14 07:53:38 -04:00
Sebastiaan van Stijn
25cdae293f
Update containerd v1.2.5, runc 2b18fe1d885ee5083ef9f0838fee39b62d653e30
Notable Updates

- Fix an issue that non-existent parent directory in image layers is created with permission 0700. containerd#3017
- Fix an issue that snapshots of the base image can be deleted by mistake, when images built on top of it are deleted. containerd#3087
- Support for GC references to content from snapshot and container objects. containerd#3080
- cgroups updated to dbea6f2bd41658b84b00417ceefa416b97 to fix issues for systemd 420 and non-existent cgroups. containerd#3079
- runc updated to 2b18fe1d885ee5083ef9f0838fee39b62d653e30 to include the improved fix for CVE-2019-5736. containerd#3082
- cri: Fix a bug that pod can't get started when the same volume is defined differently in the image and the pod spec. cri#1059
- cri: Fix a bug that causes container start failure after in-place upgrade containerd to 1.2.4+ or 1.1.6+. cri#1082
- cri updated to a92c40017473cbe0239ce180125f12669757e44f. containerd#3084

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-13 21:00:50 +01:00
Aleksa Sarai
d283c7fa2b
*: remove interfacer linter from CI
It has been declared deprecated by the author, and has a knack for
false-positives (as well as giving bad advice when it comes to APIs --
which is quite clear when looking at "nolint: interfacer" comments).

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2019-03-13 11:48:39 +11:00
Rong Gao
5e77399b92 fix hack/dockerfile/install/containerd.installer test statement
Signed-off-by: Rong Gao <gaoronggood@163.com>
2019-02-26 18:19:04 +08:00
Kir Kolyshkin
228bc35e82 make test-integration: use correct dockerd binary
Here's what happens:
1. One runs `make binary` once
2. Days go by...
3. One makes changes to dockerd sources
4. One runs `make test-integration` to test the changes
5. One spends a long time figuring out why on Earth
   those changes in step 3 are ignored by step 4.
6. One writes this patch
7. ...
8. PROFIT!!

OK, so `make test-integration` builds a dockerd binary
in bundles/dynbinary-daemon/, when starts a daemon instance
for testing. The problem is, the script that starts the
daemon sets PATH to try `bundles/binary-daemon/` first,
and `bundles/dynbinary-daemon/` second.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2019-02-18 22:20:49 -08:00
Sebastiaan van Stijn
c093c1e08b
Merge pull request #38718 from thaJeztah/update_containerd_1.2.4
Update containerd 1.2.4
2019-02-17 14:24:22 +01:00
Akihiro Suda
f1a87919e0 bump up rootlesskit (fix CentOS failure)
Changes:
7905ee34b3...7bbbc48a6f

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-14 14:27:28 +09:00
Sebastiaan van Stijn
26413ede57
Update containerd runtime 1.2.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-14 04:45:26 +01:00
Yong Tang
0111ee7087
Merge pull request #38717 from thaJeztah/update_containerd_1.2.3
Update containerd to 1.2.3
2019-02-12 15:58:12 -08:00
Sebastiaan van Stijn
c4763e02d1
Update containerd to 1.2.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-12 14:39:27 +01:00
Sebastiaan van Stijn
f03698b69a
Update runc to 6635b4f (fix CVE-2019-5736)
- Fixes a vulnerability in runc that allows a container escape (CVE-2019-5736)
  6635b4f0c6,
- Includes security fix for `runc run --no-pivot` (`DOCKER_RAMDISK=1`):
  28a697cce3
  (NOTE: the vuln is attackable only when `DOCKER_RAMDISK=1` is set && seccomp is disabled)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-12 14:17:22 +01:00
Tianon Gravi
6800954050
Merge pull request #38677 from tiborvass/fix-validate
hack: no need to git fetch in CI
2019-02-11 07:03:00 -08:00
Tibor Vass
42dcfc894a hack: Have TIMEOUT take -test.count into account when testing for flakiness
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-02-08 18:36:31 +00:00
Vincent Demeester
f8e29fdd68
Merge pull request #38679 from AkihiroSuda/rootlesskit-030alpha1
bump up rootlesskit (fix armv7 compilation failure)
2019-02-06 09:40:31 +01:00
Tonis Tiigi
20e8572a4c hack: restore bundling vpnkit on amd64
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-02-05 18:21:30 -08:00
John Howard
bc80e8df3e Windows CI: Dump possible panic log
Signed-off-by: John Howard <jhoward@microsoft.com>
2019-02-05 09:17:40 -08:00
Akihiro Suda
bcc4c03092 bump up rootlesskit (fix armv7 compilation failure)
https://github.com/rootless-containers/rootlesskit/issues/41

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-05 23:02:32 +09:00
Tibor Vass
feb70fd5c9 hack: no need to git fetch in CI
CIs are assumed to do a git fetch and git merge before running tests.
Therefore, no need for a git fetch inside our validate scripts in CI.

If VALIDATE_ORIGIN_BRANCH is set, then git fetch is skipped and
VALIDATE_ORIGIN_BRANCH is used in validate scripts.

Otherwise, behavior is unchanged.

Signed-off-by: Tibor Vass <tibor@docker.com>
2019-02-05 02:54:50 +00:00
Akihiro Suda
ec87479b7e allow running dockerd in an unprivileged user namespace (rootless mode)
Please refer to `docs/rootless.md`.

TLDR:
 * Make sure `/etc/subuid` and `/etc/subgid` contain the entry for you
 * `dockerd-rootless.sh --experimental`
 * `docker -H unix://$XDG_RUNTIME_DIR/docker.sock run ...`

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2019-02-04 00:24:27 +09:00
Tianon Gravi
d440fea460
Merge pull request #38655 from thaJeztah/override_validate
Allow overriding repository and branch in validate scripts
2019-02-01 08:43:06 -08:00
Sebastiaan van Stijn
468eb93e5a
Use 17.06 stable channel for CLI used in CI
Update to the latest patch release of 17.06.2. This
keeps the same API requirements.

This also enables pre-built binaries for armhf instead
of compiling from source.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-31 11:42:40 +01:00
Sebastiaan van Stijn
2a08f33166
Allow overriding repository and branch in validate scripts
When running CI in other repositories (e.g. Docker's downstream
docker/engine repository), or other branches, the validation
scripts were calculating the list of changes based on the wrong
information.

This lead to weird failures in CI in a branch where these values
were not updated ':-) (CI on a pull request failed because it detected
that new tests were added to the deprecated `integration-cli` test-suite,
but the pull request did not actually make changes in that area).

This patch allows overriding the target repository (and branch)
to compare to (without having to edit the scripts).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-31 01:23:42 +01:00
Sebastiaan van Stijn
ead47f0a83
no need to set exec.Env to os.Environ() as it's the default
Per the docs: e73f489494/src/os/exec/exec.go (L57-L60)

> If Env is nil, the new process uses the current process's environment.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-12 13:32:23 +01:00
Sebastiaan van Stijn
ad2765b35e
Merge pull request #38523 from olljanat/flaky-test-finder
CI: Introduce flaky test finder
2019-01-12 11:16:18 +01:00
Olli Janatuinen
8a8fd37f6f CI: Introduce flaky test finder
comparing PR commit(s) to HEAD of moby/moby master branch and if founds
new (or renamed) integration tests will run stress tests for them.

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2019-01-11 01:11:07 +02:00
Sebastiaan van Stijn
37498f009d
Shell scripts: fix bare variables
This makes my IDE a bit more silent :-)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-10 02:50:47 +01:00
Sebastiaan van Stijn
c3650770cc
Revert "Bash scripts; use double brackets, fix bare variables, add quotes"
This reverts commit 297b30df5f.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-10 02:23:38 +01:00
Sebastiaan van Stijn
27cc170d28
Bump containerd to v1.2.2
- Fix a bug that a container can't be stopped or inspected when its corresponding image is deleted
- Fix a bug that the cri plugin handles containerd events outside of k8s.io namespace

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-08 02:42:28 +01:00
Sebastiaan van Stijn
f9dbd383bb
Merge pull request #38418 from thaJeztah/mega_power
PowerShell: various cleanups / fixes
2019-01-08 00:03:23 +01:00
Sebastiaan van Stijn
c8ff5ecc09
Remove use of deprecated client.NewEnvClient()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-01-03 22:49:00 +01:00
Sebastiaan van Stijn
e0e9942dc5
Merge pull request #38419 from thaJeztah/fix_nuke_everything
PowerShell: fix "Nuke-Everything" failing to remove images
2018-12-31 21:24:01 +01:00
Sebastiaan van Stijn
297b30df5f
Bash scripts; use double brackets, fix bare variables, add quotes
These scripts explicitly use Bash, so we should be able to use
`[[` instead of `[` (which seems to be recommended).

Also added curly brackets to some bare variables, and quoted some paths.

This makes my IDE a bit more silent :-)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-12-24 00:05:14 +01:00