Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
Added an apparmorEnabled boolean in the Daemon struct to indicate if AppArmor is enabled or not. It is set in NewDaemon using sysInfo information.
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
gofmt'd
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
change the function name to something more adequate and changed the behaviour to show empty value on an apparmor disabled system.
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
go fmt
Signed-off-by: Roberto Muñoz Fernández <robertomf@gmail.com>
This fix updates SwarmKit to 78ae345f449ac69aa741c762df7e5f0020f70275
(from 037b4913929019d44bc927870bf2d92ce9ca261f)
The following issues in docker are related
- Can not update service in host publish mode (#30199) (fixed)
- Add `ReadonlyRootfs` in ContainerSpec for `--read-only` (#29972) (needed)
- Explicitly disallow network pluginv1 creation in swarm mode
(See discussion in docker/swarmkit/pull/1899, docker/swarmkit/pull/1894,
and docker/docker/pull/30332#issuecomment-274277948)
This fix fixes#30199
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
These are arm variants with different argument ordering because of
register alignment requirements.
fix#30516
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The following command fails when the target directory does not exist.
$ sudo make install DOCKER_MAKE_INSTALL_PREFIX=/opt/docker AUTO_GOPATH=1
KEEPBUNDLE=1 hack/make.sh install-binary
# WARNING! I don't seem to be running in a Docker container.
# The result of this command might be an incorrect build, and will not be
# officially supported.
#
# Try this instead: make all
#
---> Making bundle: install-binary (in bundles/1.14.0-dev/install-binary)
Installing docker to /opt/docker/bin/
cp: cannot create regular file '/opt/docker/bin/': No such file or directory
make: *** [Makefile:119: install] Error 1
The patch installs the target directory before copying any binaries.
$ sudo make install DOCKER_MAKE_INSTALL_PREFIX=/opt/docker AUTO_GOPATH=1
KEEPBUNDLE=1 hack/make.sh install-binary
# WARNING! I don't seem to be running in a Docker container.
# The result of this command might be an incorrect build, and will not be
# officially supported.
#
# Try this instead: make all
#
---> Making bundle: install-binary (in bundles/1.14.0-dev/install-binary)
Installing docker to /opt/docker/bin/
Installing dockerd to /opt/docker/bin/
Installing docker-runc to /opt/docker/bin/
Installing docker-containerd to /opt/docker/bin/
Installing docker-containerd-ctr to /opt/docker/bin/
Installing docker-containerd-shim to /opt/docker/bin/
Installing docker-proxy to /opt/docker/bin/
Installing docker-init to /opt/docker/bin/
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
The original Compose config loading used the `compose` tag, which
was replaced by mapstructure. Some fields were left on the old tag. This
commit removes the old tag and uses types and mapstructure.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This fix tries to address the issue raised in 29344 where it was
not possible to create log group for awslogs (CloudWatch) on-demand.
Log group has to be created explicitly before container is running.
This behavior is inconsistent with AWS logs agent where log groups
are always created as needed.
There were several concerns previously (See comments in 19617 and 29344):
1. There is a limit of 500 log groups/account/region so resource might
be exhausted if there is any typo or incorrect region.
2. Logs are generated for every container so CreateLogGroup (or equally,
DescribeLogGroups) might be called every time, which is redundant and
potentially surprising.
3. CreateLogStream and CreateLogGroup have different IAM policies.
This fix addresses the issue by add `--log-opt awslogs-create-group`
which by default is `false`. It requires user to explicitly request
that log groups be created as needed.
Related unit test has been updated. And tests have also been done
manually in AWS.
This fix fixes 29334.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix is a follow up for comment:
https://github.com/docker/docker/pull/28896#issuecomment-265392703
Currently secret name or ID prefix resolving is done at the client
side, which means different behavior of API and CMD.
This fix moves the resolving from client to daemon, with exactly the
same rule:
- Full ID
- Full Name
- Partial ID (prefix)
All existing tests should pass.
This fix is related to #288896, #28884 and may be related to #29125.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
