The namespace unshare+pivot root is not possible when running inside a
user namespace, so fallback to the original "real" chroot code.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
If we are running in a user namespace, don't try to mknod as
it won't be allowed. libcontainer will bind-mount the host's
devices over files in the container anyway, so it's not needed.
The chrootarchive package does a chroot (without mounting /proc) before
its work, so we cannot check /proc/self/uid_map when we need to. So
compute it in advance and pass it along with the tar options.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The export command operates on containers, not images, so it should be listed under the container commands, not the image commands.
Signed-off-by: David Lechner <david@lechnology.com>
This device is not required by the OCI spec.
The rationale for this was linked to docker/docker#2393
So a non functional /dev/fuse was created, and actual fuse use still is
required to add the device explicitly. However even old versions of the JVM
on Ubuntu 12.04 no longer require the fuse package, and this is all not
needed.
See also https://github.com/opencontainers/runc/pull/983 although this
change alone stops the fuse device being created.
Tested and does not change actual ability to use fuse.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Commit 353af0b3ec updated
the `/image/load` endpoint to consistendly return
JSON, but did not update the associated documentation.
This updates the example response in the documentation
to match the actual response.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These flags were not supported (daemon returns an error), and it was an
oversight. They were not present in completion scripts.
Signed-off-by: Tibor Vass <tibor@docker.com>
This brings in a much newer version of etcd/raft.
An unrelated change in swarmkit should fix some problems with
integration tests on ARM.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Volumes and other content created under a bind mount should be
recursively propagated using rshared, not shared. This could be
the reason for EBUSY during removal. Override options with rbind,
rshared and see if CI errors are fixed.
May fix#25511
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
During image pulls on docker service create, logs will only show status
updates and updates every 1 second on long-running actions like
downloading and extracting. Adds golang.org/x/time/rate as dependency.
Ports docker/swarmkit#1352 to docker/docker.
Signed-off-by: Drew Erny <drew.erny@docker.com>
