Commit graph

55 commits

Author SHA1 Message Date
Daehyeok Mun
6306019d0b Refactoring ineffectual assignments
This patch fixed below 4 types of code line
1. Remove unnecessary variable assignment
2. Use variables declaration instead of explicit initial zero value
3. Change variable name to underbar when variable not used
4. Add erro check and return for ignored error

Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
2017-01-13 00:27:01 -07:00
lixiaobing10051267
9501f2ea97 Use wrong ApplyLayer in diff_windows.go
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2016-12-19 17:21:18 +08:00
Michael Crosby
da0ccf8e61 Merge pull request #28047 from cpuguy83/27773_chrootarchive_rbind
Fix issue with cp to container volume dir
2016-11-09 10:52:14 -08:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Brian Goff
e6eef7eb49 Fix issue with cp to container volume dir
In some cases, attempting to `docker cp` to a container's volume dir
would fail due to the volume mounts not existing after performing a
bind-mount on the container path prior to doing a pivot_root.

This does not seem to be effecting all systems, but was found to be a
problem on centos.
The solution is to use an `rbind` rather than `bind` so that any
existing mounts are carried over.

The `MakePrivate` on `path` is no longer neccessary since we are already
doing `MakeRPrivate` on `/`.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-03 16:01:15 -04:00
Kenfe-Mickaël Laventure
87ae571fed Merge pull request #27609 from tonistiigi/fix-chroot-shared-parent
chroot: remount everything as private in new mntns
2016-10-21 14:40:40 -07:00
Stephen J Day
aa2cc18745
pkg/archive: remove unnecessary Archive and Reader type
The `archive` package defines aliases for `io.ReadCloser` and
`io.Reader`. These don't seem to provide an benefit other than type
decoration. Per this change, several unnecessary type cases were
removed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-20 19:31:24 -07:00
Tonis Tiigi
70dfea63ba chroot: let root be cleaned up by kernel
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 15:50:46 -07:00
Tonis Tiigi
b511d1f0ca chroot: remount everything as private in new mntns
If parent of the destination path is shared, this
path will be unmounted from the parent ns even if
the path itself is private.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 15:29:23 -07:00
Phil Estes
dc950567c1 Use real chroot if daemon is running in a user namespace
The namespace unshare+pivot root is not possible when running inside a
user namespace, so fallback to the original "real" chroot code.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2016-08-12 16:31:01 -04:00
Serge Hallyn
617c352e92 Don't create devices if in a user namespace
If we are running in a user namespace, don't try to mknod as
it won't be allowed.  libcontainer will bind-mount the host's
devices over files in the container anyway, so it's not needed.

The chrootarchive package does a chroot (without mounting /proc) before
its work, so we cannot check /proc/self/uid_map when we need to.  So
compute it in advance and pass it along with the tar options.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-08-12 16:26:58 -04:00
Antonio Murdaca
7d22887b2c pkg: chrootarchive: chroot_linux: fix mount leak
When pivot_root fails we need to unmount the bind mounted path we
previously mounted in preparation for pivot_root.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-06-11 00:07:41 +02:00
Doug Davis
ac043c7db6 Fix docker import tests
For me when I run the test I see:
```
Downloading from http://nourl/bad
Importing    283 B
Untar re-exec error: exit status 1: output: unexpected EOF
```
and nothing about "dial tcp" so it appears that the output is
system dependent and therefore we can't really check it. I think
checking for non-zero exit code is sufficient so I'm removing this
string check.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2016-05-23 15:34:40 -07:00
Antonio Murdaca
5248f5c3d1 pkg: chrootarchive: chroot_linux: fix docker build
The path we're trying to remove doesn't exist after a successful
chroot+chdir because a / is only appended after pivot_root is
successful and so we can't cleanup anymore with the old path.
Also fix leaking .pivot_root dirs under /var/lib/docker/tmp/docker-builder*
on error.

Fix https://github.com/docker/docker/issues/22587
Introduced by https://github.com/docker/docker/pull/22506

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-05-10 00:42:49 +02:00
Brian Goff
85988b33d2 Use pivot_root instead of chroot for chrootarchive
This fixes one issue with Docker running under a grsec kernel, which
denies chmod and mknod under chroot.

Note, if pivot_root fails it will still fallback to chroot.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-05-04 19:55:34 -04:00
Amit Krishnan
a9c6169138 Remove flush(stdout) in pkg/chrootarchive/diff_unix.go and improve error reporting of flush() to fix #21103
pkg/chrootarchive/diff_unix.go erroneously calls flush on stdout, which tries to read from stdout returning an error.
This has been fixed by removing the call and by modifying flush to return errors and checking for these errors on calls to flush.

Signed-off-by: Amit Krishnan <krish.amit@gmail.com>
2016-03-15 10:29:51 -07:00
Darren Stahl
7f6ef09736 Windows CI: Unit Tests stop running failing chrootarchive tests
Signed-off-by: Darren Stahl <darst@microsoft.com>
2016-03-01 14:28:29 -08:00
Alexander Morozov
ad861876e8 Merge pull request #17035 from estesp/fix-build-dir-perms
Correct build-time directory creation with user namespaced daemon
2015-10-20 08:57:19 -07:00
Phil Estes
ae8c004dc1 Correct build-time directory creation with user namespaced daemon
This fixes errors in ownership on directory creation during build that
can cause inaccessible files depending on the paths in the Dockerfile
and non-existing directories in the starting image.

Add tests for the mkdir variants in pkg/idtools

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-20 08:59:48 -04:00
Derek Ch
b48f4bf523 fix a race crash when building with "ADD some-broken.tar.xz ..."
The race is between pools.Put which calls buf.Reset and exec.Cmd
doing io.Copy from the buffer; it caused a runtime crash, as
described in #16924:

``` docker-daemon cat the-tarball.xz | xz -d -c -q | docker-untar /path/to/... (aufs ) ```

When docker-untar side fails (like try to set xattr on aufs, or a broken
tar), invokeUnpack will be responsible to exhaust all input, otherwise
`xz` will be write pending for ever.

this change add a receive only channel to cmdStream, and will close it
to notify it's now safe to close the input stream;

in CmdStream the change to use Stdin / Stdout / Stderr keeps the
code simple, os/exec.Cmd will spawn goroutines and call io.Copy automatically.

the CmdStream is actually called in the same file only, change it
lowercase to mark as private.

[...]
INFO[0000] Docker daemon                                 commit=0a8c2e3 execdriver=native-0.2 graphdriver=aufs version=1.8.2

DEBU[0006] Calling POST /build
INFO[0006] POST /v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&memory=0&memswap=0&rm=1&t=gentoo-x32&ulimits=null
DEBU[0008] [BUILDER] Cache miss
DEBU[0009] Couldn't untar /home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz to /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537: Untar re-exec error: exit status 1: output: operation not supported
DEBU[0009] CopyFileWithTar(/home/lib-docker-v1.8.2-tmp/tmp/docker-build316710953/stage3-x32-20151004.tar.xz, /home/lib-docker-v1.8.2-tmp/aufs/mnt/d909abb87150463939c13e8a349b889a72d9b14f0cfcab42a8711979be285537/)
panic: runtime error: slice bounds out of range

goroutine 42 [running]:
bufio.(*Reader).fill(0xc208187800)
    /usr/local/go/src/bufio/bufio.go:86 +0x2db
bufio.(*Reader).WriteTo(0xc208187800, 0x7ff39602d150, 0xc2083f11a0, 0x508000, 0x0, 0x0)
    /usr/local/go/src/bufio/bufio.go:449 +0x27e
io.Copy(0x7ff39602d150, 0xc2083f11a0, 0x7ff3960261f8, 0xc208187800, 0x0, 0x0, 0x0)
    /usr/local/go/src/io/io.go:354 +0xb2
github.com/docker/docker/pkg/archive.func·006()
    /go/src/github.com/docker/docker/pkg/archive/archive.go:817 +0x71
created by github.com/docker/docker/pkg/archive.CmdStream
    /go/src/github.com/docker/docker/pkg/archive/archive.go:819 +0x1ec

goroutine 1 [chan receive]:
main.(*DaemonCli).CmdDaemon(0xc20809da30, 0xc20800a020, 0xd, 0xd, 0x0, 0x0)
    /go/src/github.com/docker/docker/docker/daemon.go:289 +0x1781
reflect.callMethod(0xc208140090, 0xc20828fce0)
    /usr/local/go/src/reflect/value.go:605 +0x179
reflect.methodValueCall(0xc20800a020, 0xd, 0xd, 0x1, 0xc208140090, 0x0, 0x0, 0xc208140090, 0x0, 0x45343f, ...)
    /usr/local/go/src/reflect/asm_amd64.s:29 +0x36
github.com/docker/docker/cli.(*Cli).Run(0xc208129fb0, 0xc20800a010, 0xe, 0xe, 0x0, 0x0)
    /go/src/github.com/docker/docker/cli/cli.go:89 +0x38e
main.main()
    /go/src/github.com/docker/docker/docker/docker.go:69 +0x428

goroutine 5 [syscall]:
os/signal.loop()
    /usr/local/go/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/local/go/src/os/signal/signal_unix.go:27 +0x35

Signed-off-by: Derek Ch <denc716@gmail.com>
2015-10-13 15:58:06 -07:00
Phil Estes
442b45628e Add user namespace (mapping) support to the Docker engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.

Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-10-09 17:47:37 -04:00
Stefan J. Wernli
9b648dfac6 Windows: Fix long path handling for docker build
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-09-15 10:58:11 -07:00
Stefan J. Wernli
230cfc6ed2 Fixing Tar functions to support Windows long paths.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2015-08-11 16:07:36 -07:00
Lei Jitang
ba332b7d12 Enable golint in pkg/arcive
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-08-04 09:52:54 +08:00
John Howard
5ab9654bc4 Tidy platform common bits in diff
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-30 13:04:49 -07:00
John Howard
b43dc0d93c Windows: Daemon build is broken
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-07-29 20:08:51 -07:00
Vincent Batts
56bf275e32 archive, chrootarchive: split out decompression
In `ApplyLayer` and `Untar`, the stream is magically decompressed. Since
this is not able to be toggled, rather than break this ./pkg/ API, add
an `ApplyUncompressedLayer` and `UntarUncompressed` that does not
magically decompress the layer stream.

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2015-07-28 16:36:38 -04:00
Arnaud Porterie
bc8b8e03b4 Enable validate-lint as part of CI
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-07-22 15:23:34 -07:00
John Howard
3c177dc877 Windows: Docker build starting to work
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-06-17 10:41:28 -07:00
unclejack
2f6e4fdb29 linting changes
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2015-06-17 01:16:57 +03:00
Alexander Morozov
521926f6c4 Merge pull request #13231 from Microsoft/10662-chrootarchive
Windows: chrootarchive refactor
2015-06-03 09:54:42 -07:00
John Howard
d66ae67418 Windows: Undo 908db518 for Windows daemon
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-28 12:04:09 -07:00
John Howard
62f648b061 Windows: chrootarchive refactor
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-20 08:56:42 -07:00
Phil Estes
da697dbed6 Merge pull request #12360 from yestin/11601-supplement-tests-part-2
Improve test accuracy for pkg/chrootarchive (part 2)
2015-04-14 21:00:12 -04:00
Megan Kostick
fc20658a01 Fix vet warning in archive.go
Signed-off-by: Megan Kostick <mkostick@us.ibm.com>
2015-04-14 09:13:50 -07:00
Yestin Sun
67df8e4257 Improve test accuracy for pkg/chrootarchive (part 2)
Check test correctness of untar by comparing destination with
source. For part 2, it checkes hashes of source and destination
files or the target files of symbolic links.

This is a supplement to the #11601 fix.

Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
2015-04-13 21:46:14 -07:00
Evan Hazlett
b6e64981e6 Merge pull request #12204 from yestin/11601-supplement-tests-part-1
Improve test accuracy for pkg/chrootarchive (part 1)
2015-04-13 16:14:18 -04:00
Phil Estes
908db51804 Send archive options via pipe in chrootarchive
After finding our initial thinking on env. space versus arg list space
was wrong, we need to solve this by using a pipe between the caller and
child to marshall the (potentially very large) options array to the
archiver.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-04-12 21:16:54 -04:00
Yestin Sun
7bb4b055ab Improve test accuracy for pkg/chrootarchive (part 1)
Check test correctness of untar by comparing destination with
source. For part one, it only compares the directories.

This is a supplement to the #11601 fix.

Signed-off-by: Yestin Sun <yestin.sun@polyera.com>
2015-04-08 14:07:31 -07:00
Yestin Sun
a08048d5c8 Add more tests for pkg/chrootarchive
Fixes issue #11601

Change-Id: Ifc1dbcc59cc4dc581ed43fc8fbe43fbaec4ccad0
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
2015-03-24 18:23:28 -07:00
Alexander Morozov
f207dd5e7c Merge pull request #10439 from estesp/10426-fix-arg-list-too-long
Pass excludes/options to tar unarchiver via environment versus cmd line
2015-02-20 23:48:55 -08:00
Phil Estes
743c9ba1fb Pass excludes/options to tar unarchiver via environment
Fixes #10426

Because of the ability to easily overload the shell max argument list
length once the image count is several hundred, `docker load` will
start to fail because of this as it passes an excludes list of all
images in the graph.  This patch uses an environment variable with the
json marshalled through it to get around the arg length limitation.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
2015-02-19 17:53:39 -08:00
Jason Sommer
0826ac1581 Fixed relative filepath check
Signed-off-by: Jason Sommer <jsdirv@gmail.com>
2015-02-16 20:38:52 -06:00
Ian Babrou
4d10b32380 Not doing extra assertion for io.Closer
Signed-off-by: Ian Babrou <ibobrik@gmail.com>
2015-01-22 10:36:20 +03:00
Doug Davis
6d801a3caa Have .dockerignore support Dockerfile/.dockerignore
If .dockerignore mentions either then the client will send them to the
daemon but the daemon will erase them after the Dockerfile has been parsed
to simulate them never being sent in the first place.

an events test kept failing for me so I tried to fix that too

Closes #8330

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-01-06 10:57:48 -08:00
Josh Hawn
35a22c9e12 Refactor to optimize storage driver ApplyDiff()
To avoid an expensive call to archive.ChangesDirs() which walks two directory
trees and compares every entry, archive.ApplyLayer() has been extended to
also return the size of the layer changes.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2014-12-17 21:54:23 -08:00
Alexander Morozov
e7d086c2be Fix vet errors about unkeyed fields
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2014-12-12 10:44:59 -08:00
Michael Crosby
001ac15b54 Decompress archive before streaming the unpack in a chroot
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	pkg/archive/archive.go
	pkg/chrootarchive/archive.go

Conflicts:
	pkg/archive/archive.go
2014-12-11 16:29:13 -05:00
Michael Crosby
7862f831fe Update chroot apply layer to handle decompression outside chroot
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Conflicts:
	pkg/archive/diff.go
	pkg/chrootarchive/archive.go

Conflicts:
	pkg/archive/diff.go
	pkg/chrootarchive/diff.go
2014-12-11 16:28:24 -05:00
Michael Crosby
d1535131d2 Flush stdin from within chroot archive
This makes sure that we don't buffer in memory and that we also flush
stdin from diff as well as untar.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-08 15:41:07 -08:00