Commit graph

349 commits

Author SHA1 Message Date
Paweł Gronowski
5bbcc41c20
volumes/subpath: Plumb context
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-19 17:32:21 +01:00
Paweł Gronowski
bfb810445c
volumes: Implement subpath mount
`VolumeOptions` now has a `Subpath` field which allows to specify a path
relative to the volume that should be mounted as a destination.

Symlinks are supported, but they cannot escape the base volume
directory.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-19 17:32:10 +01:00
Paweł Gronowski
9c8752505f
volume/mounts: Rename errors in defer block
To make it easier to distinguish if an output variable is modified.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-19 17:27:15 +01:00
Jeongseok Kang
36dd2f029f doc: Correct typo in doc comments for volume/mounts/mounts/MountPoint
Signed-off-by: Jeongseok Kang <piono623@naver.com>
2024-01-15 09:25:09 +09:00
Rob Murray
baca6cb417 Don't allow port in CIFS URL
When creating a CIFS volume, generate an error if the device URL
includes a port number, for example:
   --opt device="//some.server.com:2345/thepath"

The port must be specified in the port option instead, for example:
    --opt o=username=USERNAME,password=PASSWORD,vers=3,sec=ntlmsspi,port=1234

Signed-off-by: Rob Murray <rob.murray@docker.com>
2023-12-04 10:08:09 +00:00
Michael Kebe
8ae94cafa5 cifs volume resolves hostname correctly.
Co-authored-by: Paweł Gronowski <me@woland.xyz>
Signed-off-by: Michael Kebe <michael.kebe@gmail.com>
2023-11-30 11:32:04 +01:00
Sebastiaan van Stijn
cff4f20c44
migrate to github.com/containerd/log v0.1.0
The github.com/containerd/containerd/log package was moved to a separate
module, which will also be used by upcoming (patch) releases of containerd.

This patch moves our own uses of the package to use the new module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 17:52:23 +02:00
Sebastiaan van Stijn
9c4e82435e
Merge pull request #46351 from thaJeztah/api_events_actions_enum
api/types/events: define "Action" type and consts
2023-09-05 11:11:42 +02:00
Paweł Gronowski
2689484402
volume/local: Don't unmount, restore mounted status
On startup all local volumes were unmounted as a cleanup mechanism for
the non-clean exit of the last engine process.

This caused live-restored volumes that used special volume opt mount
flags to be broken. While the refcount was restored, the _data directory
was just unmounted, so all new containers mounting this volume would
just have the access to the empty _data directory instead of the real
volume.

With this patch, the mountpoint isn't unmounted. Instead, if the volume
is already mounted, just mark it as mounted, so the next time Mount is
called only the ref count is incremented, but no second attempt to mount
it is performed.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-29 14:16:37 +02:00
Sebastiaan van Stijn
0f871f8cb7
api/types/events: define "Action" type and consts
Define consts for the Actions we use for events, instead of "ad-hoc" strings.
Having these consts makes it easier to find where specific events are triggered,
makes the events less error-prone, and allows documenting each Action (if needed).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-29 00:38:08 +02:00
Paweł Gronowski
7f965d55c7
volume/local: Fix debug log typo
Active count is incremented, but message claimed the opposite.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-18 11:38:50 +02:00
Paweł Gronowski
435ecfe6e0
test/volume: Replace Check with NilError where suitable
In these cases, continuing after a non nil error will result in a nil
dereference in panic.
Change the `assert.Check` to `assert.NilError` to avoid that.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-08-10 11:18:56 +02:00
Sebastiaan van Stijn
3e52785aae
volume/drivers: use plugin Content-Type headers v1.2
The MediaType was changed twice in;

- b3b7eb2723 ("application/vnd.docker.plugins.v1+json"   -> "application/vnd.docker.plugins.v1.1+json")
- 54587d861d ("application/vnd.docker.plugins.v1.1+json" -> "application/vnd.docker.plugins.v1.2+json")

But the (integration) tests were still using the old version, so let's
use the VersionMimeType const that's defined, and use the updated version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:38:54 +02:00
Sebastiaan van Stijn
5e2a1195d7
swap logrus types for their containerd/logs aliases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 13:02:55 +02:00
Sebastiaan van Stijn
d69b1fdb72
volume/mounts: cleanup tests
- don't use un-keyed structs
- user assert.Check where possible
- use consts for fixed values

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-27 15:00:13 +02:00
Akihiro Suda
483a1933a2
volume: remove the short RRO forms in favor of the long forms
"ro-non-recursive", "ro-force-recursive", and "rro" are
now removed from the legacy mount API.

CLI may still support them via the new mount API (if we want).

Follow-up to PR 45278

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-07-20 22:34:09 +09:00
Sebastiaan van Stijn
4c281fb29a
volume: format code with gofumpt
Formatting the code with https://github.com/mvdan/gofumpt

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-29 00:05:23 +02:00
Brian Goff
647c2a6cdd Restore active mount counts on live-restore
When live-restoring a container the volume driver needs be notified that
there is an active mount for the volume.
Before this change the count is zero until the container stops and the
uint64 overflows pretty much making it so the volume can never be
removed until another daemon restart.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-27 16:33:23 +00:00
Brian Goff
74da6a6363 Switch all logging to use containerd log pkg
This unifies our logging and allows us to propagate logging and trace
contexts together.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2023-06-24 00:23:44 +00:00
Akihiro Suda
5045a2de24
Support recursively read-only (RRO) mounts
`docker run -v /foo:/foo:ro` is now recursively read-only on kernel >= 5.12.

Automatically falls back to the legacy non-recursively read-only mount mode on kernel < 5.12.

Use `ro-non-recursive` to disable RRO.
Use `ro-force-recursive` or `rro` to explicitly enable RRO. (Fails on kernel < 5.12)

Fix issue 44978
Fix docker/for-linux issue 788

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-05-26 01:58:24 +09:00
Sebastiaan van Stijn
ab35df454d
remove pre-go1.17 build-tags
Removed pre-go1.17 build-tags with go fix;

    go mod init
    go fix -mod=readonly ./...
    rm go.mod

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-19 20:38:51 +02:00
Sebastiaan van Stijn
da8e07edb5
volume/service: inline filters in tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-25 15:17:25 +02:00
Paweł Gronowski
a654cbfd2f
Use GetBoolOrDefault to remove duplicated invalidFilter usages
The pattern of parsing bool was repeated across multiple files and
caused the duplication of the invalidFilter error helper.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-01-26 16:28:53 +01:00
Sebastiaan van Stijn
01fd23b625
Fix volume CreatedAt being altered on initialization
The CreatedAt date was determined from the volume's `_data`
directory (`/var/lib/docker/volumes/<volumename>/_data`).
However, when initializing a volume, this directory is updated,
causing the date to change.

Instead of using the `_data` directory, use its parent directory,
which is not updated afterwards, and should reflect the time that
the volume was created.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-01-03 16:57:04 +01:00
Sebastiaan van Stijn
64adea1ce1
volume: use strings.Cut() and minor refactor
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-21 11:09:00 +01:00
AdamKorcz
93fa093122
testing: move fuzzers over from OSS-Fuzz
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 17:31:03 +01:00
Paweł Gronowski
dec81e489f
daemon/disk_usage: Use context aware singleflight
The singleflight function was capturing the context.Context of the first
caller that invoked the `singleflight.Do`. This could cause all
concurrent calls to be cancelled when the first request is cancelled.

singleflight calls were also moved from the ImageService to Daemon, to
avoid having to implement this logic in both graphdriver and containerd
based image services.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2022-11-29 16:46:19 +01:00
Brian Goff
618f26ccbc Volume prune: only prune anonymous volumes by default
This adds a new filter argument to the volume prune endpoint "all".
When this is not set, or it is a false-y value, then only anonymous
volumes are considered for pruning.

When `all` is set to a truth-y value, you get the old behavior.

This is an API change, but I think one that is what most people would
want.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-04 20:55:13 +00:00
Sebastiaan van Stijn
188724a597
volume: fix empty-lines (revive)
volume/mounts/parser_test.go:42:39: empty-lines: extra empty line at the end of a block (revive)
    volume/mounts/windows_parser.go:129:24: empty-lines: extra empty line at the end of a block (revive)
    volume/local/local_test.go:16:35: empty-lines: extra empty line at the end of a block (revive)
    volume/local/local_unix.go:145:3: early-return: if c {...} else {... return } can be simplified to if !c { ... return } ... (revive)
    volume/service/service_test.go:18:38: empty-lines: extra empty line at the end of a block (revive)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-28 01:58:50 +02:00
Sebastiaan van Stijn
2f1c382a6d
golangci-lint: update to v1.49.0
Remove the "deadcode", "structcheck", and "varcheck" linters, as they are
deprecated:

    WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [linters context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the https://github.com/golangci/golangci-lint/issues/2649.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-23 23:31:27 +02:00
Sebastiaan van Stijn
31fb92c609
linting: gosec: fix or suppress G112, G114 in test code
Updating test-code only; set ReadHeaderTimeout for some, or suppress the linter
error for others.

     contrib/httpserver/server.go:11:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        log.Panic(http.ListenAndServe(":80", nil))
                  ^
     integration/plugin/logging/cmd/close_on_start/main.go:42:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/discard/main.go:17:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     integration/plugin/volumes/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     testutil/fixtures/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     volume/testutils/testutils.go:170:5: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        go http.Serve(l, mux)
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-04 15:36:51 +02:00
Sebastiaan van Stijn
4f08346686
fix formatting of "nolint" tags for go1.19
The correct formatting for machine-readable comments is;

    //<some alphanumeric identifier>:<options>[,<option>...][ // comment]

Which basically means:

- MUST NOT have a space before `<identifier>` (e.g. `nolint`)
- Identified MUST be alphanumeric
- MUST be followed by a colon
- MUST be followed by at least one `<option>`
- Optionally additional `<options>` (comma-separated)
- Optionally followed by a comment

Any other format will not be considered a machine-readable comment by `gofmt`,
and thus formatted as a regular comment. Note that this also means that a
`//nolint` (without anything after it) is considered invalid, same for `//#nosec`
(starts with a `#`).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 22:31:53 +02:00
Sebastiaan van Stijn
52c1a2fae8
gofmt GoDoc comments with go1.19
Older versions of Go don't format comments, so committing this as
a separate commit, so that we can already make these changes before
we upgrade to Go 1.19.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-08 19:56:23 +02:00
Sebastiaan van Stijn
c2e32c144c
volumes/service: NewStore: add more context to error
Adding some more context to errors to debug a failure in TestDaemonEvents

    === RUN   TestDockerDaemonSuite/TestDaemonEvents
    docker_cli_events_unix_test.go:399: [dd34383dd9b63] failed to start daemon with arguments [--data-root /go/src/github.com/docker/docker/bundles/test-integration/TestDockerDaemonSuite/TestDaemonEvents/dd34383dd9b63/root --exec-root /tmp/dxr/dd34383dd9b63 --pidfile /go/src/github.com/docker/docker/bundles/test-integration/TestDockerDaemonSuite/TestDaemonEvents/dd34383dd9b63/docker.pid --userland-proxy=true --containerd-namespace dd34383dd9b63 --containerd-plugins-namespace dd34383dd9b63p --containerd /var/run/docker/containerd/containerd.sock --host unix:///tmp/docker-integration/dd34383dd9b63.sock --debug --storage-driver overlay2 --config-file=test.json] : [dd34383dd9b63] daemon exited during startup: exit status 1
    check_test.go:307: [dd34383dd9b63] daemon is not started
    --- FAIL: TestDockerDaemonSuite/TestDaemonEvents (1.59s)

daemon logs:

    level=info  msg="Starting up"
    level=debug msg="Listener created for HTTP on unix (/tmp/docker-integration/dd34383dd9b63.sock)"
    level=debug msg="Golang's threads limit set to 55530"
    level=info  msg="[core] original dial target is: \"unix:///var/run/docker/containerd/containerd.sock\"" module=grpc
    level=info  msg="[core] parsed dial target is: {Scheme:unix Authority: Endpoint:var/run/docker/containerd/containerd.sock URL:{Scheme:unix Opaque: User: Host: Path:/var/run/docker/containerd/containerd.sock RawPath: ForceQuery:false RawQuery: Fragment: RawFragment:}}" module=grpc
    level=info  msg="[core] Channel authority set to \"localhost\"" module=grpc
    level=info  msg="[core] ccResolverWrapper: sending update to cc: {[{/var/run/docker/containerd/containerd.sock  0xc000010898 <nil> 0 <nil>}] <nil> <nil>}" module=grpc
    level=info  msg="[core] ClientConn switching balancer to \"pick_first\"" module=grpc
    level=info  msg="[core] Channel switches to new LB policy \"pick_first\"" module=grpc
    level=info  msg="[core] Subchannel Connectivity change to CONNECTING" module=grpc
    level=info  msg="[core] Subchannel picks a new address \"/var/run/docker/containerd/containerd.sock\" to connect" module=grpc
    level=debug msg="metrics API listening on /var/run/docker/metrics.sock"
    level=info  msg="[core] Channel Connectivity change to CONNECTING" module=grpc
    level=info  msg="[core] Subchannel Connectivity change to READY" module=grpc
    level=info  msg="[core] Channel Connectivity change to READY" module=grpc
    level=info  msg="[core] original dial target is: \"unix:///var/run/docker/containerd/containerd.sock\"" module=grpc
    level=info  msg="[core] parsed dial target is: {Scheme:unix Authority: Endpoint:var/run/docker/containerd/containerd.sock URL:{Scheme:unix Opaque: User: Host: Path:/var/run/docker/containerd/containerd.sock RawPath: ForceQuery:false RawQuery: Fragment: RawFragment:}}" module=grpc
    level=info  msg="[core] Channel authority set to \"localhost\"" module=grpc
    level=info  msg="[core] ccResolverWrapper: sending update to cc: {[{/var/run/docker/containerd/containerd.sock  0xc00045ece8 <nil> 0 <nil>}] <nil> <nil>}" module=grpc
    level=info  msg="[core] ClientConn switching balancer to \"pick_first\"" module=grpc
    level=info  msg="[core] Channel switches to new LB policy \"pick_first\"" module=grpc
    level=info  msg="[core] Subchannel Connectivity change to CONNECTING" module=grpc
    level=info  msg="[core] Subchannel picks a new address \"/var/run/docker/containerd/containerd.sock\" to connect" module=grpc
    level=info  msg="[core] Channel Connectivity change to CONNECTING" module=grpc
    level=info  msg="[core] Subchannel Connectivity change to READY" module=grpc
    level=info  msg="[core] Channel Connectivity change to READY" module=grpc
    level=debug msg="Using default logging driver json-file"
    level=info  msg="[graphdriver] trying configured driver: overlay2"
    level=debug msg="processing event stream" module=libcontainerd namespace=plugins.moby
    level=debug msg="successfully detected metacopy status" storage-driver=overlay2 usingMetacopy=false
    level=debug msg="backingFs=extfs, projectQuotaSupported=false, usingMetacopy=false, indexOff=\"index=off,\", userxattr=\"\"" storage-driver=overlay2
    level=debug msg="Initialized graph driver overlay2"
    level=debug msg="No quota support for local volumes in /var/lib/docker/volumes: Filesystem does not support, or has not enabled quotas"
    level=info  msg="[core] Channel Connectivity change to SHUTDOWN" module=grpc
    level=info  msg="[core] Subchannel Connectivity change to SHUTDOWN" module=grpc
    level=debug msg="Cleaning up old mountid : start."
    failed to start daemon: error while opening volume store metadata database: timeout

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-21 13:34:00 +02:00
Sebastiaan van Stijn
cd58d11b2a
volume/local.New(): extract loading options to a function
Note that Windows does not support options, so strictly doesn't need
to have this code, but keeping it in case we're adding support.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:29 +02:00
Sebastiaan van Stijn
7e907e29a3
volume/local.New() always unmount existing mounts
Unmounting does not depend on wether or not loading options failed.

This code-path seemed to be used as a "hack" to prevent hitting the
unmount on Windows (which does not support unmounting).

Moving it outside of the "if" to make more clear that it's independent
of loading the options.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:27 +02:00
Sebastiaan van Stijn
c0f0cf6c19
volume/local: extract saving options to a separate method
Differentiate between Windows and Linux, as Windows doesn't support
options, so there's no need to save options to disk,

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:25 +02:00
Sebastiaan van Stijn
d3930330a7
volume/local: store both volume's "data" and "root" path
Instead of evaluating these paths each time (appending `_data`, or using
`filepath.Dir()` to find the root path from the `_data_` path).

This also removes the `root.DataPath()` utility, which is now no longer needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:24 +02:00
Sebastiaan van Stijn
e106e3f5c6
volume/local: make "validateOpts()" a method on Root
This way we can validate if Root supports quotaCtl, allowing us to
fail early, before creating any of the directories.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:22 +02:00
Sebastiaan van Stijn
29c6224fe9
volume/local.Create(): validate early
This moves validation of options to the start of the Create function
to prevent hitting the filesystem and having to remove the volume
from disk.

Also addressing some minor nits w.r.t. errors.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:21 +02:00
Sebastiaan van Stijn
a77b90c35e
volume/local: make setOpts() a method of localVolume
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:19 +02:00
Sebastiaan van Stijn
b56fc2d0f8
volume/local.New(): don't register volume before we're done
Loading options may fail, in which case we don't have to add
the volume to the list.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:17 +02:00
Sebastiaan van Stijn
eecf7a0840
volume/local: localVolume.mount() move errors.Wrap()
While the current code is correct (as errors.Wrap() returns nil if
err is nil), relying on this behavior has caused some confusion in
the past, resulting in regressions.

This patch makes the error-handling code slightly more idiomatic and
defensive against such regressions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:16 +02:00
Sebastiaan van Stijn
c1671abf14
volume/local: add test for validation
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-03 00:34:08 +02:00
Sebastiaan van Stijn
553b0edb4c
fix unclosed file-handles in tests
These seemed to prevent cleaning up directories;

On arm64:

    === RUN   TestSysctlOverride
        testing.go:1090: TempDir RemoveAll cleanup: unlinkat /tmp/TestSysctlOverride2860094781/001/mounts/shm: device or resource busy
    --- FAIL: TestSysctlOverride (0.00s)

On Windows:

    === Failed
    === FAIL: github.com/docker/docker/daemon TestLoadOrCreateTrustKeyInvalidKeyFile (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestLoadOrCreateTrustKeyInvalidKeyFile2014634395\001\keyfile4156691647: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/daemon/graphdriver TestIsEmptyDir (0.01s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestIsEmptyDir1962964337\001\dir-with-empty-file\file2523853824: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/pkg/directory TestSizeEmptyFile (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSizeEmptyFile1562416712\001\file16507846: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/pkg/directory TestSizeNonemptyFile (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSizeNonemptyFile1240832785\001\file3265662846: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/pkg/directory TestSizeFileAndNestedDirectoryEmpty (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSizeFileAndNestedDirectoryEmpty2163416550\001\file3715413181: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/pkg/directory TestSizeFileAndNestedDirectoryNonempty (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSizeFileAndNestedDirectoryNonempty878205470\001\file3280422273: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/volume/service TestSetGetMeta (0.01s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSetGetMeta3332268057\001\db: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/volume/service TestList (0.03s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestList2846947953\001\volumes\metadata.db: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/volume/service TestRestore (0.02s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestRestore3368254142\001\volumes\metadata.db: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/daemon/graphdriver TestIsEmptyDir (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestIsEmptyDir2823795693\001\dir-with-empty-file\file2625561089: The process cannot access the file because it is being used by another process.

    === FAIL: github.com/docker/docker/pkg/directory TestSizeFileAndNestedDirectoryNonempty (0.00s)
        testing.go:1090: TempDir RemoveAll cleanup: remove C:\Users\CONTAI~1\AppData\Local\Temp\TestSizeFileAndNestedDirectoryNonempty4246252950\001\nested3442260313\file21164327: The process cannot access the file because it is being used by another process.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-31 21:53:38 +02:00
Sebastiaan van Stijn
32f7551e61
Merge pull request #43597 from shoeffner/43596-mask-cifs-passwords
volume: mask password in cifs mount error messages
2022-05-19 22:52:26 +02:00
Sebastian Höffner
9a7298a3e6
volume: mask password in cifs mount error messages
In managed environment (such as Nomad clusters), users are not always
supposed to see credentials used to mount volumes.
However, if errors occur (most commonly, misspelled mount paths), the
error messages will output the full mount command -- which might contain
a username and a password in the case of CIFS mounts.

This PR detects password=... when error messages are wrapped and masks
them with ********.

Closes https://github.com/fsouza/go-dockerclient/issues/905.
Closes https://github.com/hashicorp/nomad/issues/12296.
Closes https://github.com/moby/moby/issues/43596.

Signed-off-by: Sebastian Höffner <sebastian.hoeffner@mevis.fraunhofer.de>
2022-05-14 02:45:06 +02:00
Sebastiaan van Stijn
73f0b01da1
volume/local.New(): remove redundant filepath.Base()
FileInfo.Name() returns the base name, so no need to remove
path information.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-13 00:38:38 +02:00
Sebastiaan van Stijn
a4bfd9788f
volume/local.New(): remove some intermediate variables
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-13 00:38:22 +02:00
Sebastiaan van Stijn
74be0fed6f
volume/local: remove redundant Root.scopedPath(), Root.scope
Now that there's no differentiation between Linux and Windows
for this check, we can remove the two implementations and move
the code inline as it's only used in a single location and moving
it inline makes it more transparent on what's being checked.

As part of this change, the now unused "scope" field is also removed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-13 00:34:08 +02:00