Due to the test plugins being architecture specific, these
tests fail to start the plugin (even though they don't fail yet)
Temporary fix until we can build architecture specific test
plugins.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit ebff8c79a3)
Signed-off-by: Victor Vieux <vieux@docker.com>
In certain cases (unattended upgrades), system services can disable
loaded AppArmor profiles. However, since /etc being read-only is a
supported setup we cannot just write a copy of the profile to
/etc/apparmor.d.
Instead, dynamically load the docker-default AppArmor profile if a
container is started with that profile set. This code will short-cut if
the profile is already loaded.
Fixes: 2f7596aaef ("apparmor: do not save profile to /etc/apparmor.d")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 567ef8e785)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to fix the issue raised in 29044 where
the IPAM options is missing in swarm network mode
after the service is deployed. Before the service
is deployed, the IPAM options is available.
The reason for the issue is that, before service is
deployed, `network inspect` is querying the swarm and
obtained the correct information.
However, after service is deployed, swarm executor
does not pass the IPAM options to the backend (daemon).
Also after service is deployed, `network inspect` is
actually querying the local daemon for information.
At this time the network information with missing IPAM
options is returned.
This fix fixes the issue by updating the swarm network
allocator and swarm executor.
A separate PR for swarmkit will be opened.
An integration test has been added to cover the change.
This fix fixes 29044.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 4d958e99c1)
Signed-off-by: Victor Vieux <vieux@docker.com>
- Display the ID column
- Do not append the task ID in the name column
- (NEW): Truncate task IDs, unless --no-trunc is specified
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
(cherry picked from commit bbd2018ee1)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix update swarmkit to b5f07ce49c66d2f5feee83998b23d4c905b78155
The following changes have been included:
- Fix missing IPAM options in swarm network mode (docker/swarmkit#1789)
The above PR is related to docker PR #29074 and docker issue #29044.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to address the issue raised in 29129 where
"--hostname" not working when running in "--net=host" for
`docker run`.
The fix fixes the issue by not resetting the `container.Config.Hostname`
if the `Hostname` has already been assigned through `--hostname`.
An integration test has been added to cover the changes.
This fix fixes 29129.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit b0a7b0120f)
Signed-off-by: Victor Vieux <vieux@docker.com>
This reverts 26103. 26103 was trying to make it so that if someone did:
docker build --build-arg FOO .
and FOO wasn't set as an env var then it would pick-up FOO from the
Dockerfile's ARG cmd. However, it went too far and removed the ability
to specify a build arg w/o any value. Meaning it required the --build-arg
param to always be in the form "name=value", and not just "name".
This PR does the right fix - it allows just "name" and it'll grab the value
from the env vars if set. If "name" isn't set in the env then it still needs
to send "name" to the server so that a warning can be printed about an
unused --build-arg. And this is why buildArgs in the options is now a
*string instead of just a string - 'nil' == mentioned but no value.
Closes#29084
Signed-off-by: Doug Davis <dug@us.ibm.com>
(cherry picked from commit cdb8ea90b0)
Signed-off-by: Victor Vieux <vieux@docker.com>
The install script currently includes some
distros that we don't actually have packages
for.
For these distros, the script currently
performs step to install Docker from
the distro's repository.
This patch removes those distros from
the install script, because we have no
control over these packages, and cannot
provide support for them.
Installing docker anyway will give the
false impression that they installed
a package from our repository (but they
didn't), and that they need to contact
us for support.
It's better to tell people that we don't
install in that case, and refer them to
the installation documentation, or the
documentation of their distro.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 29b98b6ee6)
Signed-off-by: Victor Vieux <vieux@docker.com>
Legacy plugins expect host-relative paths (such as for Volume.Mount).
However, a containerized plugin cannot respond with a host-relative
path. Therefore, this commit modifies new volume plugins' paths in Mount
and List to prepend the container's rootfs path.
This introduces a new PropagatedMount field in the Plugin Config.
When it is set for volume plugins, RootfsPropagation is set to rshared
and the path specified by PropagatedMount is bind-mounted with rshared
prior to launching the container. This is so that the daemon code can
access the paths returned by the plugin from the host mount namespace.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit c54b717caf)
Signed-off-by: Victor Vieux <vieux@docker.com>
v2/Plugin struct had fields that were
- purely used by the manager.
- unsafely exposed without proper locking.
This change fixes this, by moving relevant fields to the manager as well
as making remaining fields as private and providing proper accessors for
them.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit b35490a8ba)
Signed-off-by: Victor Vieux <vieux@docker.com>
It provides an ASLR-bypassing target with usable ROP gadgets.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
(cherry picked from commit 49dcce7ba0)
Signed-off-by: Victor Vieux <vieux@docker.com>
Distribution client change for class in resource
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit d1f5e0f7a6)
Signed-off-by: Victor Vieux <vieux@docker.com>
This fix tries to address the issue raised on 29185 where
`docker inspect <unknown object>` on Windows will return:
```
Error response from daemon: plugins are not supported on this platform
```
The reason was that in case `--type` is not specified, `docker inspect`
will iterate through different types `container`, `image`, `network`,
`plugin` etc. The `plugin` object is the last type to check.
However, as `plugin` is not supported on Windows yet, the error message
is not very informative for `plugins are not supported on this platform`.
This fix tries to fix the issue by return a `not found` error on unsupported
platforms as well.
An integration test has been added to cover the changes for Windows/Linux.
This fix fixes 29185.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 88fcdb0a82)
Signed-off-by: Victor Vieux <vieux@docker.com>
