Jessica Frazelle
327421d1df
add more seccomp profile tests
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-30 17:30:44 -08:00
Jessica Frazelle
626c933730
cleanup jess/unshare image
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-30 16:20:05 -08:00
David Calavera
102eb03c68
Merge pull request #18999 from tonistiigi/fix-comment-in-inspect
...
Fix missing comment in docker inspect
2015-12-30 15:07:04 -08:00
Jess Frazelle
83a194e2dd
Merge pull request #19003 from calavera/fix_windows_build
...
Move test out of the windows build.
2015-12-30 14:37:28 -08:00
David Calavera
9aad7d209f
Move test out of the windows build.
...
Because it can still run on windows server and fail because it doesn't
have `chown`.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-30 16:36:48 -05:00
Sebastiaan van Stijn
2c3d1a9b12
Merge pull request #18964 from hqhq/hq_fix_memory_swap_doc2
...
Fix docs for memory-swap
2015-12-30 21:01:48 +01:00
Tonis Tiigi
d32f43013b
Fix missing comment in docker inspect
...
Fixes #18571
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-30 11:52:53 -08:00
David Calavera
56f8b051eb
Merge pull request #18158 from mauri/add_owner
...
ADD files to a folder doesn't set correct UID and GID
2015-12-30 11:19:15 -08:00
David Calavera
51fa287368
Merge pull request #18714 from jecarey/16756-docker_cli_pull_test
...
Use of checkers in docker_cli_pull_test.go
2015-12-30 10:00:41 -08:00
David Calavera
f962aac1ec
Merge pull request #18991 from qq690388648/master
...
replace the os.Stdout with stdout to adapt platform
2015-12-30 09:55:02 -08:00
Sebastiaan van Stijn
3b605b5926
Merge pull request #18764 from donovan/fix-networkingcontainers-ip-addresses
...
fix incorrect ip addresses in networkingcontainers
2015-12-30 17:49:08 +01:00
Jess Frazelle
3be1a80f1a
Merge pull request #18987 from tianon/armhf
...
Rename Dockerfile.arm to Dockerfile.armhf to more clearly reflect the specific subversion of ARM it targets
2015-12-30 08:21:52 -08:00
Arnaud Porterie
1dd4a2a966
Merge pull request #18994 from thaJeztah/add-new-impact-labels
...
add new impact/distribution label
2015-12-30 08:19:07 -08:00
David Calavera
708f98f5f9
Merge pull request #18952 from coolljt0725/fix_stats_update
...
Fix docker stats show wrong memory limit when do docker update
2015-12-30 08:17:42 -08:00
Sebastiaan van Stijn
9860effc4e
Merge pull request #18984 from coolljt0725/fix_daemon_start
...
Fix daemon failed to start with error "layer does not exist"
2015-12-30 16:52:41 +01:00
Mauricio Garavaglia
b638bc6f17
Fix files ownership when ADD is used
...
Signed-off-by: Mauricio Garavaglia <mauriciogaravaglia@gmail.com>
2015-12-30 11:35:19 -03:00
Vincent Demeester
c4486e48f2
Merge pull request #18985 from hqhq/hq_handle_dockerCmdInDir
...
Handle error for dockerCmdInDir
2015-12-30 15:25:20 +01:00
Sebastiaan van Stijn
ac0180620d
add new impact/distribution label
...
Adds the new label to the documentation. The
impact/distribution label is intended for changes
that affect the image-format or interaction
with the registry (distribution).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2015-12-30 13:53:46 +01:00
Sebastiaan van Stijn
024eead82f
Merge pull request #18925 from thaJeztah/please-dont-plus-one
...
Be more explicit about "+1" comments
2015-12-30 11:41:32 +01:00
qq690388648
1cb9b0745c
replace the os.Stdout with stdout to adapt platform
...
Signed-off-by: Sun Gengze <690388648@qq.com>
2015-12-30 18:24:02 +08:00
Tianon Gravi
dc38061bee
Rename Dockerfile.arm to Dockerfile.armhf to more clearly reflect the specific subversion of ARM it targets
...
Also, fix up some minor whitespace consistency issues, remove a little cruft, and update GOARM for armhf to 7 so that we're explicit.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2015-12-30 01:30:56 -08:00
Qiang Huang
1b34008532
Handle error for dockerCmdInDir
...
Only two of these are not handled, the one in `TestBuildForceRm`
is intended to not be handled, while the other one in
`TestBuildResourceConstraintsAreUsed` causes problem.
In test case `TestBuildResourceConstraintsAreUsed`, somehow we
are not able to access network to get base image, but the error
message is:
```
Error: failed to inspect container : Unable to read inspect data: json: cannot unmarshal array into Go value of type types.ContainerJSON
```
Totally confusion.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-12-30 15:21:34 +08:00
Lei Jitang
72d3d1ef85
Fix daemon failed to start with error "layer does not exist"
...
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-12-30 14:19:31 +08:00
Brian Goff
135180bc4c
Merge pull request #18981 from calavera/stop_using_sockets_package
...
Remove pkg sockets and tlsconfig.
2015-12-29 22:22:11 -05:00
Lei Jitang
518ed75e1a
Fix docker stats show wrong memory limit when do docker update
...
When a container create with -m 100m and then docker update other
cgroup settings such as --cpu-quota, the memory limit show by
docker stats will become the default value but not the 100m.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-12-29 20:33:16 -05:00
Qiang Huang
c68a483e44
Fix docs for memory-swap
...
Fixes : #18894
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-12-30 09:23:35 +08:00
David Calavera
8e034802b7
Remove usage of pkg sockets and tlsconfig.
...
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
circular dependency issue.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
moxiegirl
de84dfba75
Merge pull request #18627 from londoncalling/cloud-installs
...
[WIP] docs updates per issue 18282 cloud installs
2015-12-29 14:54:18 -08:00
Sebastiaan van Stijn
1614a86520
Merge pull request #18978 from tswift242/fix-daemon-storage-doc-typo
...
Fix typo in daemon storage-driver docs
2015-12-29 23:33:05 +01:00
David Calavera
acffc79fe4
Merge pull request #18965 from duglin/FixError
...
Fix error messages
2015-12-29 14:12:22 -08:00
Thomas Swift
c44a8d8d8c
Fix typo in daemon storage-driver docs
...
Signed-off-by: Thomas Swift <tgs242@gmail.com>
2015-12-29 17:06:02 -05:00
Jess Frazelle
abc695d9d5
Merge pull request #18974 from jfrazelle/remove-seccomp-from-seccomp-profile
...
remove seccomp from seccomp profile
2015-12-29 13:15:14 -08:00
Arnaud Porterie
7b540ee653
Merge pull request #18877 from dnephin/move_graph_driver_to_layer_store
...
Move graph driver to layer store
2015-12-29 12:19:02 -08:00
Arnaud Porterie
a81e438544
Merge pull request #18969 from justincormack/vm86
...
Block vm86 syscalls in default seccomp profile
2015-12-29 11:57:35 -08:00
Arnaud Porterie
2307f47fdd
Merge pull request #18972 from justincormack/bpf
...
Block bpf syscall from default seccomp profile
2015-12-29 11:57:07 -08:00
Arnaud Porterie
e01cab1cc5
Merge pull request #18971 from justincormack/ptrace
...
Block additional ptrace related syscalls in default seccomp profile
2015-12-29 11:56:51 -08:00
Arnaud Porterie
3858027e27
Merge pull request #18933 from coolljt0725/always_build
...
Add DOCKER_BUILD_ARGS env to pass build-arg for building deb and rpm
2015-12-29 11:53:06 -08:00
Jessica Frazelle
b610fc226a
remove seccomp from seccomp profile
...
This can be allowed because it should only restrict more per the seccomp docs, and multiple apps use it today.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-29 11:21:33 -08:00
Jess Frazelle
194e69507b
Merge pull request #18949 from jfrazelle/fix-libseccomp-version
...
fix libseccomp where version < 2.2.1
2015-12-29 10:58:10 -08:00
Arnaud Porterie
94e0760868
Merge pull request #18947 from jfrazelle/fix-seccomp-unsupported
...
fix default profile where unsupported
2015-12-29 10:21:07 -08:00
Arnaud Porterie
afdc4747dc
Merge pull request #18953 from justincormack/robust_list
...
Allow use of robust list syscalls in default seccomp policy
2015-12-29 10:19:41 -08:00
Arnaud Porterie
a32b06b067
Merge pull request #18956 from justincormack/umount
...
Block original umount syscall in default seccomp filter
2015-12-29 10:19:04 -08:00
Justin Cormack
a0a8ca0ae0
Block additional ptrace related syscalls in default seccomp profile
...
Block kcmp, procees_vm_readv, process_vm_writev.
All these require CAP_PTRACE, and are only used for ptrace related
actions, so are not useful as we block ptrace.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
2015-12-29 18:17:28 +00:00
David Calavera
3ec3597d58
Merge pull request #18950 from zhanghuanzhong/docker-fix-pull-image-log-info
...
Print the registry name while pulling an image
2015-12-29 10:16:05 -08:00
Arnaud Porterie
ad8bce2ce4
Merge pull request #18959 from justincormack/finit_module
...
Deny finit_module in default seccomp profile
2015-12-29 10:12:50 -08:00
Arnaud Porterie
8ac3d083a8
Merge pull request #18961 from justincormack/clock_adjtime
...
Block clock_adjtime in default seccomp config
2015-12-29 10:08:45 -08:00
Arnaud Porterie
294336a1af
Merge pull request #18968 from justincormack/stime
...
Block stime in default seccomp profile
2015-12-29 10:07:40 -08:00
Justin Cormack
33568405f3
Block bpf syscall from default seccomp profile
...
The bpf syscall can load code into the kernel which may
persist beyond container lifecycle. Requires CAP_SYS_ADMIN
already.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
2015-12-29 17:28:30 +00:00
Tianon Gravi
31bd242cba
Merge pull request #18728 from hypriot/update-dockerfile-for-arm
...
update Dockerfile.arm to reflect latest changes in main Dockerfile
2015-12-29 09:24:29 -08:00
Jessica Frazelle
35667c3826
add note to packagers.md about libseccomp version
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-12-29 08:47:20 -08:00