These tests fail when run by a non-root user
=== RUN TestUntarWithMaliciousSymlinks
archive_unix_test.go:63: assertion failed: expected error to contain "open /safe/host-file: no such file or directory", got "Error processing tar file(exit status 1): Error creating mount namespace before pivot: operation not permitted"
--- FAIL: TestUntarWithMaliciousSymlinks (0.00s)
=== RUN TestTarWithMaliciousSymlinks
archive_unix_test.go:90: /tmp/TestTarWithMaliciousSymlinks400408188
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
=== RUN TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_
archive_unix_test.go:155: assertion failed: error is not nil: error processing tar file: Error after fallback to chroot: operation not permitted: exit status 1
--- FAIL: TestTarWithMaliciousSymlinks (0.02s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe_ (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root/safe/_ (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_safe/host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_/safe/host-file (0.00s)
--- FAIL: TestTarWithMaliciousSymlinks//tmp/TestTarWithMaliciousSymlinks400408188/root_ (0.00s)
FAIL
FAIL github.com/docker/docker/pkg/chrootarchive 0.042s
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
These tests fail when run by a non-root user
=== RUN TestTmpfsDevShmNoDupMount
oci_linux_test.go:29: assertion failed: error is not nil: mkdir /var/lib/docker: permission denied
--- FAIL: TestTmpfsDevShmNoDupMount (0.00s)
=== RUN TestIpcPrivateVsReadonly
oci_linux_test.go:29: assertion failed: error is not nil: mkdir /var/lib/docker: permission denied
--- FAIL: TestIpcPrivateVsReadonly (0.00s)
=== RUN TestSysctlOverride
oci_linux_test.go:29: assertion failed: error is not nil: mkdir /var/lib/docker: permission denied
--- FAIL: TestSysctlOverride (0.00s)
=== RUN TestSysctlOverrideHost
oci_linux_test.go:29: assertion failed: error is not nil: mkdir /var/lib/docker: permission denied
--- FAIL: TestSysctlOverrideHost (0.00s)
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
This reverts commit 0ca7456e52,
which caused the docker service to not be starting, or delayed
starting the service in certain conditions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some registries seem to be non-conformant and return a not found error
when pulling by digest (which docker now does all the time).
To work around this, fallback when all of the following are true:
1. Image reference is a tag
2. Tag->digest resolution succeeds
3. Fetch by resolved digest fails with a "not found" error.
This is intentionally not caching the manifests to reduce complexity for
this edge case.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This dependency was added in 6cdbf07be9d0ad08776df0b65fb1b3e4e617c42a,
but looks like the code was vendored manually, or vendored, then removeed
from vendor.conf.
This commit removes the vendored files, as they are not needed to build
our binaries.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While working on some other code, noticed a bug in the jobs code. We're
adding job version after we're checking if there are port configs.
Before, if there were no port configs, the job version would be missing,
because we would return before trying to convert.
This moves the jobs version conversion above that code, so we don't
accidentally return before it.
Signed-off-by: Drew Erny <derny@mirantis.com>
This adds a regression test for https://github.com/moby/moby/issues/24595
make DOCKER_GRAPHDRIVER=vfs TEST_FILTER='TestNetworkList' test-integration
INFO: Testing against a local daemon
=== RUN TestNetworkList
=== RUN TestNetworkList//networks
=== PAUSE TestNetworkList//networks
=== RUN TestNetworkList//networks/
=== PAUSE TestNetworkList//networks/
=== CONT TestNetworkList//networks
=== CONT TestNetworkList//networks/
--- PASS: TestNetworkList (0.05s)
--- PASS: TestNetworkList//networks/ (0.01s)
--- PASS: TestNetworkList//networks (0.01s)
PASS
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
NOTE: the Dockerfile currently uses a single version of Golang for all
stages. This means that currently, all binaries are built with Go
1.13.x, including the containerd binary; upstream containerd switched
to use Go 1.15.
full diff: https://github.com/containerd/containerd/compare/v1.4.1...v1.4.2
Release notes:
Welcome to the v1.4.2 release of containerd!
------------------------------------------------------
The second patch release for containerd 1.4 includes multiple minor fixes
and updates.
Notable Updates
- Fix bug limiting the number of layers by default containerd/cri#1602
- Fix selinux shared memory issue by relabeling /dev/shm containerd/cri#1605
- Fix unknown state preventing removal of containers containerd/containerd#4656
- Fix nil pointer error when restoring checkpoint containerd/containerd#4754
- Improve image pull performance when using HTTP 1.1 containerd/containerd#4653
- Update default seccomp profile for pidfd containerd/containerd#4730
- Update Go to 1.15
Windows
- Fix integer overflow on Windows containerd/containerd#4589
- Fix lcow snapshotter to read trailing tar data containerd/containerd#4628
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- assert: fixes a bug that would cause a panic if there were any
function calls before `assert.Check` on the same line
- golden: create the directory if it does not exist, when run with
`-test.update-golden`
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.0.2...v3.0.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 6861f17f15...v0.8.0-rc2
- dockerfile: rename experimental channel to labs
- dockerfile build: fix not exit when meet error in load config metadata
- copy containerd.UnknownExitStatus to local const to reduce dependency graph in client
- executor: switch to docker seccomp profile
- add retry handlers to push/pull
- SSH-based auth for llb.Git operations
- Allow gateway exec-ing into a failed solve with an exec op
- Fix parsing ssh-based git sources
- Fix sshkeyscan to work with ipv6
- fix assumption that ssh port must be 2 digits
- vendor: github.com/Microsoft/go-winio v0.4.15
- vendor: github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85
- vendor: containerd v1.4.1-0.20201117152358-0edc412565dc
- vendor: golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 318312a373...0b889c03f1
- v1/stats: add all fields of memory.oom_control
- memory: remove wrong memory.kmem.limit_in_bytes check
- CI: test against Go 1.15
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: f15a329036...0724c46b32
- Add OpenFifoDup2
- use golang.org/x/sys/unix for dup2 (fixes build on arm64)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/containerd/ttrpc/compare/v1.0.1...v1.0.2
- fix bug, failed to assert net error due to error wrap
- fixes: ttrpc client receive "read: connection reset by peer: unknown"
- client: add UserOnCloseWait function
- travis: add go 1.15
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
c3ed55f3b4...0834f99b7b
- copy: use Clonefileat from golang.org/x/sys/unix on macOS
- go.mod: update opencontainers/go-digest v1.0.0
- Add github action CI
- github: test go1.15
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
