Brian Goff
233a6379e5
Merge pull request #41522 from thaJeztah/19.03_backport_gcp_leak
...
[19.03 backport] Fix gcplogs memory/connection leak
2020-10-06 14:27:10 -07:00
Patrick Haas
74c0c5b7f1
Fix gcplogs memory/connection leak
...
The cloud logging client should be closed when the log driver is closed. Otherwise dockerd will keep a gRPC connection to the logging endpoint open indefinitely.
This results in a slow leak of tcp sockets (1) and memory (~200Kb) any time that a container using `--log-driver=gcplogs` is terminates.
Signed-off-by: Patrick Haas <patrickhaas@google.com>
(cherry picked from commit ef553e14a4
2020-10-03 00:30:30 +02:00
Tianon Gravi
88623e101c
Merge pull request #41293 from thaJeztah/19.03_backport_fix_getexecuser
...
[19.03 backport] oci: correctly use user.GetExecUser interface
2020-09-25 18:35:14 -07:00
Brian Goff
705762f23c
Merge pull request #41494 from thaJeztah/19.03_backport_aws_sdk_go
...
[19.03 backport] awslogs: Update aws-sdk-go to support IMDSv2
2020-09-25 12:24:39 -07:00
Samuel Karp
5f32bd9ced
awslogs: Update aws-sdk-go to support IMDSv2
...
AWS recently launched a new version of the EC2 Instance Metadata
Service, which is used to provide credentials to the awslogs driver when
running on Amazon EC2. This new version of the IMDS adds
defense-in-depth mechanisms against open firewalls, reverse proxies, and
SSRF vulnerabilities and is generally an improvement over the previous
version. An updated version of the AWS SDK is able to handle the both
the previous version and the new version of the IMDS and functions when
either is enabled.
More information about IMDSv2 is available at the following links:
* https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Closes https://github.com/moby/moby/issues/40422
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 44a8e10bfc
2020-09-25 16:14:50 +02:00
Tibor Vass
bd33bbf049
Merge pull request #41314 from thaJeztah/19.03_backport_fix_racey_logger_test
...
[19.03 backport] test-fixes for flaky test: TestCheckCapacityAndRotate
2020-09-16 07:28:27 -07:00
Tibor Vass
426396f438
Merge pull request #41451 from thaJeztah/19.03_update_buildkit
...
[19.03] vendor: buildkit v0.6.4-32-gdf89d4dc
2020-09-15 16:02:53 -07:00
Tibor Vass
406dba269c
Merge pull request #41446 from thaJeztah/19.03_backport_swagger_fixes
...
[19.03 backport] swagger: fix MemTotal units in SystemInfo endpoint
2020-09-15 16:00:28 -07:00
Tibor Vass
50b33bd3cd
Merge pull request #41312 from thaJeztah/19.03_backport_pass_network_error
...
[19.03 backport] Check for context error that is wrapped in url.Error
2020-09-15 15:56:29 -07:00
Tibor Vass
519462f3df
Merge pull request #41334 from thaJeztah/19.03_backport_bump_golang_1.13.15
...
[19.03 backport] Bump Golang 1.13.15
2020-09-15 15:55:08 -07:00
Tibor Vass
64fffefffa
Merge pull request #40408 from thaJeztah/19.03_backport_update_containerd_1.3
...
[19.03 backport] update containerd binary v1.3.7
2020-09-15 15:54:32 -07:00
Sebastiaan van Stijn
8cf9d50fc0
[19.03] vendor: buildkit v0.6.4-32-gdf89d4dc
...
full diff: https://github.com/moby/buildkit/compare/v0.6.4-28-gda1f4bf1...v0.6.4-32-gdf89d4dc
no local changes in the daemon code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-15 11:19:58 +02:00
Nikolay Edigaryev
a4e96a486f
swagger: fix MemTotal units in SystemInfo endpoint
...
MemTotal represents bytes, not kilobytes. See Linux[1] and Windows[2]
implementations.
[1]: f50a40e889/pkg/system/meminfo_linux.go (L49)f50a40e889/pkg/system/meminfo_windows.go (L40)13e0ba700a
2020-09-14 14:37:54 +02:00
Sebastiaan van Stijn
9fe291827a
Bump Golang 1.13.15
...
full diff: https://github.com/golang/go/compare/go1.13.14...go1.13.15
go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary
package. See the Go 1.13.15 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.13.15+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2a6325e310
2020-08-10 12:16:14 +02:00
Akihiro Suda
a15a770e1b
update containerd to v1.3.7
...
Release note: https://github.com/containerd/containerd/releases/tag/v1.3.7
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 43d13054c5
2020-08-05 22:40:36 +02:00
Jintao Zhang
9380ec7397
update containerd to v1.3.6
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 85e3dddccd
2020-08-05 22:40:17 +02:00
Jintao Zhang
80cef48453
update containerd to v1.3.5
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 0e915e5413
2020-08-05 22:40:15 +02:00
Jintao Zhang
fc8f88dc14
update containerd to v1.3.4
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit fbaaca6351
2020-08-05 22:40:13 +02:00
Sebastiaan van Stijn
89a4208757
update containerd binary to v1.3.3
...
full diff: https://github.com/containerd/containerd/compare/v1.3.2...v1.3.3
release notes: https://github.com/containerd/containerd/releases/tag/v1.3.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 27649ee44f
2020-08-05 22:40:11 +02:00
Jintao Zhang
490c45b756
Update containerd to v1.3.2
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 7f809e1080
2020-08-05 22:40:09 +02:00
Jintao Zhang
56d897347d
Update containerd to v1.3.1
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 517946eb47
2020-08-05 22:40:07 +02:00
Derek McGowan
d4c63720e9
update containerd binary v1.3.0
...
full diff: https://github.com/containerd/containerd/compare/v1.2.8..v1.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 6c94a50f41
2020-08-05 22:40:04 +02:00
Brian Goff
ec14dc44d1
Fix log file rotation test.
...
The test was looking for the wrong file name.
Since compression happens asyncronously, sometimes the test would
succeed and sometimes fail.
This change makes sure to wait for the compressed version of the file
since we can't know when the compression is going to occur.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit c6d860ace6
2020-08-05 12:48:27 +02:00
Brian Goff
a958fc3e65
Fix flakey test for log file rotate.
...
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 5ea5c02c88
2020-08-05 12:48:17 +02:00
Evgeniy Makhrov
89da709cb7
Check for context error that is wrapped in url.Error
...
Signed-off-by: Evgeniy Makhrov <e.makhrov@corp.badoo.com>
(cherry picked from commit 8ccb46a521
2020-08-04 17:44:42 +02:00
Tibor Vass
88820a4793
Merge pull request #41287 from thaJeztah/19.03_backport_bump_netns
...
[19.03 backport] vendor: vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
2020-07-31 12:30:33 +02:00
Aleksa Sarai
83baeafc3c
oci: correctly use user.GetExecUser interface
...
A nil interface in Go is not the same as a nil pointer that satisfies
the interface. libcontainer/user has special handling for missing
/etc/{passwd,group} files but this is all based on nil interface checks,
which were broken by Docker's usage of the API.
When combined with some recent changes in runc that made read errors
actually be returned to the caller, this results in spurrious -EINVAL
errors when we should detect the situation as "there is no passwd file".
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 3108ae6226
2020-07-29 16:04:23 +02:00
Sebastiaan van Stijn
dae08c333e
vendor: vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
...
full diff: 0a2b9b5464...db3c7e526a818bad6ef2
2020-07-29 12:48:55 +02:00
Sebastiaan van Stijn
93cb737687
[19.03] vendor: vishvananda/netns 0a2b9b5464df8343199164a0321edf3313202f7e
...
Same update as was vendored in e26e1cc5c17109fa855b...0a2b9b5464
2020-07-29 12:46:12 +02:00
Tibor Vass
7d597ee2c9
Merge pull request #41273 from thaJeztah/19.03_backport_swagger_fixes
...
[19.03 backport] Assorted swagger fixes
2020-07-28 14:30:31 +02:00
Tibor Vass
22c458b67c
Merge pull request #41274 from thaJeztah/19.03_backport_Double_RLock
...
[19.03 backport] plugin: fix a double RLock bug
2020-07-28 14:27:10 +02:00
Tibor Vass
8b97280f11
Merge pull request #41279 from thaJeztah/19.03_bump_buildkit
...
[19.03] vendor: moby/buildkit v0.6.4-28-gda1f4bf1
2020-07-28 14:25:15 +02:00
Sebastiaan van Stijn
eda52d433e
[19.03] vendor: moby/buildkit v0.6.4-28-gda1f4bf1
...
full diff: a1e4f48e71...da1f4bf179
2020-07-28 13:16:50 +02:00
Sebastiaan van Stijn
168254fcfa
Merge pull request #41277 from AkihiroSuda/rootlesskit-0.10.0-1903
...
[19.03 backport] bump up rootlesskit to v0.10.0
2020-07-28 11:25:20 +02:00
Akihiro Suda
9dc455dffb
bump up rootlesskit to v0.10.0
...
Fix port forwarder resource leak (https://github.com/rootless-containers/rootlesskit/issues/153 ).
Changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.5...v0.10.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 5bc41368d9
2020-07-28 17:01:10 +09:00
Akihiro Suda
c200868fa2
Merge pull request #41271 from thaJeztah/19.03_backport_remove_dockerproject_from_tests
...
[19.03 backport] Remove apt.dockerproject.org from test
2020-07-28 16:44:42 +09:00
Sebastiaan van Stijn
9eade7d03c
docs: API v1.39: move system version response to definitions
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f2cc755f66
2020-07-28 09:36:34 +02:00
Sebastiaan van Stijn
4685e9ef72
docs: API v1.40: move system version response to definitions
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e221931ccd
2020-07-28 09:36:25 +02:00
Sebastiaan van Stijn
d8f22d0307
swagger: move system version response to definitions
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d4c4323e54
2020-07-28 09:36:16 +02:00
Ziheng Liu
32366de5f9
plugin: fix a double RLock bug
...
Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>
(cherry picked from commit 34837febc4
2020-07-28 09:28:25 +02:00
Sebastiaan van Stijn
ad0278f002
docs: API v1.39: fix type for BuildCache CreatedAt and LastUsedAt
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a6402d761
2020-07-28 09:22:10 +02:00
Sebastiaan van Stijn
cb8b7a282d
docs: API v1.40: fix type for BuildCache CreatedAt and LastUsedAt
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a305abb1d1
2020-07-28 09:22:04 +02:00
Sebastiaan van Stijn
e1ae07b7a0
swagger: fix type for BuildCache CreatedAt and LastUsedAt
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 61b770a63d
2020-07-28 09:22:01 +02:00
Tibor Vass
d49278cc17
Merge pull request #41269 from thaJeztah/19.03_update_buildkit
...
[19.03] vendor: moby/buildkit v0.6.4-26-ga1e4f48e
2020-07-28 00:15:13 +02:00
Sebastiaan van Stijn
892c228219
Remove apt.dockerproject.org from test
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aa225972df
2020-07-28 00:14:46 +02:00
Brian Goff
a7e309944b
Merge pull request #41248 from thaJeztah/19.03_backport_swagger_updates
2020-07-27 12:02:16 -07:00
Sebastiaan van Stijn
765245d54b
[19.03] vendor: moby/buildkit v0.6.4-26-ga1e4f48e
...
full diff: 4cb720ef64...a1e4f48e71moby/buildkit#1596 and moby/buildkit#1598 :
- Add --force flag in git fetch command
- Fix socket handling during copy (Treat unix sockets as regular files)
- Remotecache: Only visit each item once when walking results.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-27 20:17:05 +02:00
Akihiro Suda
2d4bfdc789
Merge pull request #41081 from thaJeztah/19.03_backport_fix_sandbox_cleanup
...
[19.03 backport] allocateNetwork: fix network sandbox not cleaned up on failure
2020-07-26 16:17:32 +09:00
Tibor Vass
b990b6c2b0
Merge pull request #41235 from thaJeztah/19.03_backport_bump_golang_1.13.14
...
[19.03 backport] Bump Golang 1.13.14
2020-07-23 15:43:41 +02:00
Sebastiaan van Stijn
4d9397c268
swagger: sync updates to v1.39
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a8b2272ab3
2020-07-23 13:55:09 +02:00
