Commit graph

2938 commits

Author SHA1 Message Date
Sebastiaan van Stijn
3aac5f0bbb
Merge pull request #41018 from akhilerm/identity-mapping
remove group name from identity mapping
2020-06-08 15:15:05 +02:00
Akhil Mohan
7ad0da7051
remove group name from identity mapping
NewIdentityMapping took group name as an argument, and used
the group name also to parse the /etc/sub{uid,gui}. But as per
linux man pages, the sub{uid,gid} file maps username or uid,
not a group name.

Therefore, all occurrences where mapping is used need to
consider only username and uid. Code trying to map using gid
and group name in the daemon is also removed.

Signed-off-by: Akhil Mohan <akhil.mohan@mayadata.io>
2020-06-03 20:04:42 +05:30
Akihiro Suda
41ac6bef8d
Merge pull request #41026 from XiaodongLoong/master
fix "stat.Rdev" invalid operation mismatched types on mips64el
2020-05-26 16:51:31 +09:00
Xiaodong Liu
a366fe41cb fix "stat.Rdev" invalid operation mismatched types on mips64el
compile error the "stat.Rdev" variable and "s.Rdev" mismatched types on mips64el
convert "stat.Rdev" type to uint64 explicitly

Signed-off-by: Xiaodong Liu <liuxiaodong@loongson.cn>
2020-05-26 14:50:06 +08:00
Kir Kolyshkin
d5da7e5330 pkg/sysinfo/sysinfo_linux.go: fix some comments
Some were misleading or vague, some were plain wrong.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-22 13:13:27 -07:00
Kir Kolyshkin
f02a53d6b9 pkg/sysinfo.applyPIDSCgroupInfo: optimize
For some reason, commit 69cf03700f chose not to use information
already fetched, and called cgroups.FindCgroupMountpoint() instead.
This is not a cheap call, as it has to parse the whole nine yards
of /proc/self/mountinfo, and the info which it tries to get (whether
the pids controller is present) is already available from cgMounts map.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-05-22 13:13:27 -07:00
Akihiro Suda
6a5e3547fb pkg/archive: escape ":" symbol in overlay lowerdir
lowerdir needs escaping:
https://github.com/torvalds/linux/blob/v5.4/fs/overlayfs/super.c#L835-L853

Fix #40939

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-05-12 13:28:04 +09:00
Tibor Vass
751d5f879a
Merge pull request #40646 from thaJeztah/builder_use_pkg_sys_windows
pkg/system: deprecate SetNamedSecurityInfo, GetSecurityDescriptorDacl
2020-05-08 08:21:17 -07:00
Brian Goff
232ebf7fa4
Merge pull request #40868 from thaJeztah/what_is_the_cause
Replace errors.Cause() with errors.Is() / errors.As()
2020-05-07 11:33:26 -07:00
Brian Goff
f6163d3f7a
Merge pull request #40673 from kolyshkin/scan
Simplify daemon.overlaySupportsSelinux(), fix use of bufio.Scanner.Err()
2020-04-29 17:18:37 -07:00
Sebastiaan van Stijn
c3b3aedfa4
Merge pull request #40662 from AkihiroSuda/cgroup2-dockerinfo
cgroup2: implement `docker info`
2020-04-29 22:57:00 +02:00
Sebastiaan van Stijn
07d60bc257
Replace errors.Cause() with errors.Is() / errors.As()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-29 00:28:41 +02:00
Sebastiaan van Stijn
8312004f41
remove uses of deprecated pkg/term
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:29:27 +02:00
Sebastiaan van Stijn
41d4112e89
pkg/term: vendor moby/term and make pkg/term an alias
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:29:19 +02:00
Sebastiaan van Stijn
701b39f5f0
pkg/term: deprecate package in favor of moby/term
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-21 16:24:18 +02:00
Brian Goff
71626b7bdf
Merge pull request #40766 from thaJeztah/lcow_build_tag
LCOW: add "no_lcow" build tag to allow disabling lcow
2020-04-20 10:43:53 -07:00
Akihiro Suda
f350b53241 cgroup2: implement docker info
ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-04-17 07:20:01 +09:00
Brian Goff
620bce847d
Merge pull request #40749 from DanielQujun/zombie_check_for_container
add zombie check for container when killing it
2020-04-16 12:01:58 -07:00
Sebastiaan van Stijn
7d0e9399a3
Merge pull request #39728 from bamarni/term-proxy-pty
Support reading multiple bytes in escapeProxy
2020-04-16 09:21:40 +02:00
Sebastiaan van Stijn
33e8670ae0
Merge pull request #40786 from alanhoyle/master
Fixed typo in inventor comments.
2020-04-15 16:27:32 +02:00
屈骏
f3c1eec99e add zombie check for container when killing it, alernative fix for #40735.
Signed-off-by: 屈骏 <qujun@tiduyun.com>
2020-04-10 16:46:31 +08:00
Roman Mazur
f2c432636b
pkg/authorization: Fix test failures on macOS
On macOS, unit tests were failing with

root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# go test .
--- FAIL: TestAuthZRequestPluginError (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
--- FAIL: TestAuthZRequestPlugin (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
--- FAIL: TestAuthZResponsePlugin (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
time="2020-04-07T10:07:04Z" level=warning msg="Request body is larger than: '1048576' skipping body"
--- FAIL: TestMiddlewareWrapHandler (0.00s)
    authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long
FAIL
FAIL	github.com/docker/docker/pkg/authorization	0.120s

This change moves the socket creation from a working test directory to a tmp directory,
so the path is shorter.

Change-type: patch
Signed-off-by: Roman Mazur <roman@balena.io>
2020-04-08 13:06:50 +03:00
Alan Hoyle
06ca1606e1 Fixed typo in inventor comments.
Kirby and Noyce worked with "silicon" not "silicone"

Signed-off-by: Alan Hoyle <alan@alanhoyle.com>
2020-04-07 09:03:56 -04:00
Akihiro Suda
ff9fa7b43a
Merge pull request #40496 from thaJeztah/locally_scope_variable
TestCatchAll, TestStopCatch: remove unneeded goroutine
2020-04-07 09:54:25 +09:00
Kir Kolyshkin
85dc0fb7d5 pkg/mount: make standalone golint happy
We do our CI via golangci-lint, which understands nolint: annotations.

A standalone linter tool, golint, does not, and it insists on
documenting these:

> pkg/mount/deprecated.go:47:1: comment on exported var MergeTmpfsOptions should be of the form "MergeTmpfsOptions ..."
> pkg/mount/deprecated.go:51:1: comment on exported type FilterFunc should be of the form "FilterFunc ..." (with optional leading article)
> pkg/mount/deprecated.go:51:1: comment on exported type Info should be of the form "Info ..." (with optional leading article)

For `MergeTmpfsOptions`, the workaround is to put it inside a
`var ( ... )` block.

For the other two warnings, we have to provide the "actual"
documentation (or something that looks like it).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-04-02 11:32:27 -07:00
Sebastiaan van Stijn
0d3b400ab5
LCOW: add "no_lcow" build tag to allow disabling lcow
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-02 19:54:16 +02:00
Kir Kolyshkin
745ed9686b pkg/idtools: fix use of bufio.Scanner.Err
The Err() method should be called after the Scan() loop,
not inside it.

Fixes: 9a3ab0358e
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-31 14:32:49 -07:00
Kir Kolyshkin
99beb2ca02 pkg/mount: deprecate
Add a deprecation/removal notice, pointing out to appropriate
replacement packages.

I was not sure if a package-level deprecation is enough, so
I also added notices around each block.

Note that `nolint:golint` annotations are left as is, otherwise
golint complains like this:

> pkg/mount/deprecated.go:45:1: comment on exported var `MergeTmpfsOptions` should be of the form `MergeTmpfsOptions ...` (golint)
> // Deprecated: use github.com/moby/sys/mount instead.
> ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Kir Kolyshkin
39048cf656 Really switch to moby/sys/mount*
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.

This commit was generated by the following bash script:

```
set -e -u -o pipefail

for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
	sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
		-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
		$file
	goimports -w $file
done
```

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Kir Kolyshkin
59c0495409 pkg/mount: make it shallow
Make pkg/mount a shallow package, relying on
github.com/moby/sys/mount and github.com/moby/sys/mountinfo

The plan is to
 - switch the rest of this repo to use moby/sys directly
 - add deprecation notice to pkg/mount
 - (eventually) remove pkg/mount

The nolint:golint annotation is added to suppress warnings like
"exported XXX should have comment or be unexported".

The ForceMount function is deprecated (and is identical to Mount),
so let's not use it (but still provide an alias for those who do).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-20 09:46:25 -07:00
Bilal Amarni
8dd1490473 Support reading multiple bytes in escapeProxy
Currently, the escapeProxy works under the assumption that the
underlying reader will always return 1 byte at a time. Even though this
is usually true, it is not always the case, for example when using a pty
and writing multiple bytes to the master before flushing it.

In such cases the proxy reader doesn't work properly. For example with
an escape sequence being `ctrl-p,ctrl-q`, when the underlying reader
returns `ctrl-p,ctrl-q` at once, the escape sequence isn't detected.

This updates the reader to support this use-case and adds unit tests.

Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com>
2020-03-18 00:19:53 +04:00
liuxiaodong
25d6047ec0 unit test on TestParseSignal failed within pkg/signal package on mips64el
error log :
signal_test.go:20: assertion failed: error is not nil: Invalid signal: SIGEMT
signal_test.go:22: assertion failed:
When "ParseSignal" function parse sigStr from SignalMap, it find the signal object with key ("SIG"+sigStr). But  EMT signal named "SIGEMT" in SignalMap structrue, so the real key is "SIGSIGEMT" , and cannot find the target signal.
modify "SIGEMT" to "EMT" in SignalMap structrue.

Signed-off-by: liuxiaodong <liuxiaodong@loongson.cn>
2020-03-12 20:45:02 +08:00
Sebastiaan van Stijn
5d86e4a840
Merge pull request #40670 from thaJeztah/fix_linting
fix linting in pkg/mount
2020-03-11 20:04:49 +01:00
Kir Kolyshkin
26f8c7de91
Merge pull request #40647 from thaJeztah/simplify_is_abs
pkg/system: minor linting issues and refactor
2020-03-11 10:52:49 -07:00
Sebastiaan van Stijn
6c0eb9e849
fix linting in pkg/mount
We recently updated golangci-lint, which is checking for some
additional linting rules, causing a failure in code that was
just merged to master; 5bd02b8a86

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-11 18:45:50 +01:00
Sebastiaan van Stijn
8bbba72499
Merge pull request #40637 from kolyshkin/ensure-remove-all
EnsureRemoveAll, RecursiveUnmount: don't call Mounted around Unmount
2020-03-11 18:05:36 +01:00
Sebastiaan van Stijn
d93860bd8d
Merge pull request #40656 from kolyshkin/mount-faster
Make mount.Mount() faster^W great again
2020-03-11 17:58:59 +01:00
Kir Kolyshkin
b890c20555 pkg/archive: use mount pkg
It makes sense to use mount package here because
 - it no longer requires /proc to be mounted
 - it provides verbose errors so the caller doesn't have to

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-10 18:23:53 -07:00
Kir Kolyshkin
83ed668688 pkg/mount.Mount: speedup (remove Mounted check)
This was added in PR #6669 (commit f87afda123) because it was
otherwise impossible to do a re-mount of already mounted file system.

It is way better to just remove the Mounted() check altogether.

This change might potentially lead to multiple mounts to the same
mount point, so I audited all the users (except tests) and it looks
like no one is doing that:

 * volume/local maintains 'mounted' flag for every volume
 * pkg/chrootarchive already calls Mounted() before Mount()
   (so it actually parsed /proc/self/mountinfo twice, oops!)
 * daemon.mountVolumes() is called for docker cp only, and
   it is called once
 * daemon/graphdriver/zfs keeps track of 'mounted' status
 * daemon/graphdriver/devmapper: ditto
 * daemon.createSecretsDir() is only called once during container start

Surely I might have easily missed something so this needs a careful
review.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-10 17:06:26 -07:00
Brian Goff
389ddfd07c
Merge pull request #40649 from thaJeztah/deprecate_CommandLineToArgv
pkg/system: remove unused CommandLineToArgv
2020-03-10 15:46:01 -07:00
Brian Goff
4634ce647c
Merge pull request #40648 from thaJeztah/standalone_symlink
pkg/symlink: don't depend on pkg/system and pkg/longpath
2020-03-10 09:37:18 -07:00
Kir Kolyshkin
5bd02b8a86 pkg/mount.RecursiveUnmount(): don't call Mounted()
Calling mount.Mounted() after an error from Unmount() is
questionable -- if umount failed, the mount is probably
still there anyway, it doesn't make sense to check it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-09 13:08:57 -07:00
Kir Kolyshkin
f8dbc31b78 pkg/system.EnsureRemoveAll: don't call Mounted
1. Call to mount.Mounted() is very expensive and it's redundant
   to call it before Unmount().

2. Calling mount.Mounted() after an error from Unmount() is
   questionable -- if umount failed, the mount is probably
   still there anyway, it doesn't make sense to check it.

This should result in faster code with no change in functionality.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-03-09 13:08:57 -07:00
Sebastiaan van Stijn
bd2e288e56
pkg/system: remove unused CommandLineToArgv
This function was added in 9c4570a958,
but appears to never have been used.

Removing it, as it's not used in the codebase and, from a quick
search on GitHub, also doesn't look to be used by other projects.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 17:02:53 +01:00
Sebastiaan van Stijn
a48c6e3005
pkg/symlink: don't depend on pkg/system and pkg/longpath
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:41:54 +01:00
Sebastiaan van Stijn
f2d49cb7ee
pkg/system: fix minor linting issues
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:40:05 +01:00
Sebastiaan van Stijn
dec7a1befb
pkg/system: simplify IsAbs()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 16:35:12 +01:00
Sebastiaan van Stijn
079fb80657
pkg/system: replace more uses of "syscall"
follow-up to 069fdc8a08, replacing
more uses of the syscall package in favor of their "windows"
equivalents in golang.org/x/sys.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 15:50:43 +01:00
Sebastiaan van Stijn
3bba43b894
pkg/system: deprecate SetNamedSecurityInfo, GetSecurityDescriptorDacl
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-09 12:41:31 +01:00
Kir Kolyshkin
669056f93d pkg/system.getxattr: handle changed size case
lgetxattr(2) man page says:

> If size is specified as zero, these calls return the  current  size  of
> the  named extended attribute (and leave value unchanged).  This can be
> used to determine the size of the buffer that should be supplied  in  a
> subsequent  call.   (But, bear in mind that there is a possibility that
> the attribute value may change between the two calls,  so  that  it  is
> still necessary to check the return status from the second call.)

The current code does not handle the case when the size changes between
the two calls, and the new size is larger.

Fix the above problem, and slightly simplify the code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2020-02-26 07:56:12 -08:00