Commit graph

2174 commits

Author SHA1 Message Date
Victor Vieux
8e21480106 skip api/types/container/ (like golint) and fix one pkg
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
(cherry picked from commit 79a891efb7)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 18:41:43 -08:00
Tom Wilkie
9f3c9209d0 s/bCap/bLen/
Signed-off-by: Tom Wilkie <tom.wilkie@gmail.com>
(cherry picked from commit 3a05545851)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:31:39 -08:00
Tom Wilkie
f02e4e1900 Fix use of cap in MultiReadSeeker
Signed-off-by: Tom Wilkie <tom.wilkie@gmail.com>
(cherry picked from commit 158bb9bbd5)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:31:33 -08:00
allencloud
0b8f8876b9 fix typo
Signed-off-by: allencloud <allen.sun@daocloud.io>
(cherry picked from commit 1f039a66ac)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-18 13:27:01 -08:00
John Howard
dbf1900e8c Windows: Use sequential file access
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-16 11:05:23 -08:00
Shayne Wang
19c16fd95e Change reading order of tailfile
change reading order from beginning at the end to beginning at a buffer start
added intergration tests for boundary cases
Removed whitespace
Signed-off-by: Shayne Wang <shaynexwang@gmail.com>
2016-11-14 11:58:01 -08:00
John Howard
46ec4c1ae2 Windows: create daemon root with ACL
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-10 17:51:28 -08:00
Tõnis Tiigi
7aeacd35f2 Merge pull request #28238 from ijc25/jsonmessage-urxvt-corruption
pkg/jsonmessage: Avoid undefined ANSI escape codes.
2016-11-10 17:07:01 -08:00
Ian Campbell
b08b437acc pkg/jsonmessage: Avoid undefined ANSI escape codes.
The ANSI escape codes \e[0A (cursor up 0 lines) and \e[0B (cursor down 0 lines)
are not well defined and are treated differently by different terminals. In
particular xterm treats 0 as a missing parameter and therefore defaults to 1,
whereas rxvt-unicode treats these escapes as a request to move 0 lines.

However the use of these codes is unnecessary and were really just hiding the
fact that we were not correctly computing diff when adding a new line. Having
added the new line to the ids map and output the corresponding \n we need to
then calculate a correct diff of 1 rather than leaving it as the default 0
(which xterm then interprets as 1). The fix is to pull the diff calculation out
of the else case and to always do it.

With this in place we can then avoid outputting escapes for moving 0 lines.
Actually diff should never be 0 to start with any more, but check to be safe.

This fixes corruption of `docker pull` seen with rxvt-unicode (and likely other
terminals in that family) seen in #28111. Tested with rxvt-unicode
($TERM=rxvt-unicode), xterm ($TERM=xterm), mlterm ($TERM=mlterm) and aterm
($TERM=kterm).

The test cases have been updated to match the new behaviour.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2016-11-10 14:10:47 +00:00
Victor Vieux
643ac2f804 Merge pull request #27433 from AkihiroSuda/fix-ovl-xfs-ftype0
overlay: warn if overlay backing fs doesn't support d_type
2016-11-09 13:39:07 -08:00
Michael Crosby
da0ccf8e61 Merge pull request #28047 from cpuguy83/27773_chrootarchive_rbind
Fix issue with cp to container volume dir
2016-11-09 10:52:14 -08:00
Akihiro Suda
2e20e63da2 overlay: warn if overlay backing fs doesn't support d_type
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2016-11-09 07:18:27 +00:00
John Howard
54e09aa4e2 Windows: Avoid concurrent access to sysinfo
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-08 17:52:38 -08:00
Vincent Demeester
acf7ce1aa0
Remove use of pkg/integration in pkg/idtools
This remove a dependency on `go-check` (and more) when using
`pkg/idtools`. `pkg/integration` should never be called from any other
package then `integration`.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-11-08 17:21:02 +01:00
Amit Krishnan
934328d8ea Add functional support for Docker sub commands on Solaris
Signed-off-by: Amit Krishnan <krish.amit@gmail.com>

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-07 09:06:34 -08:00
Alexander Morozov
c072347078 Merge pull request #27912 from LK4D4/vndr
project: use vndr for vendoring
2016-11-03 18:30:19 -07:00
Riyaz Faizullabhoy
a64fc8eea3 Revert "Update authz plugin list on failure."
This reverts commit fae904af02.

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-11-03 15:49:21 -07:00
Alexander Morozov
f2614f2107 project: use vndr for vendoring
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-03 15:31:46 -07:00
Brian Goff
02bc2e652b Merge pull request #27331 from Microsoft/jjh/spew
Add spew debugging
2016-11-03 16:36:20 -04:00
Sebastiaan van Stijn
16f6b3e8a9 Merge pull request #27383 from runcom/authz-peercerts
pkg/authorization: send request's TLS peer certificates to plugins
2016-11-03 13:22:29 -07:00
Brian Goff
e6eef7eb49 Fix issue with cp to container volume dir
In some cases, attempting to `docker cp` to a container's volume dir
would fail due to the volume mounts not existing after performing a
bind-mount on the container path prior to doing a pivot_root.

This does not seem to be effecting all systems, but was found to be a
problem on centos.
The solution is to use an `rbind` rather than `bind` so that any
existing mounts are carried over.

The `MakePrivate` on `path` is no longer neccessary since we are already
doing `MakeRPrivate` on `/`.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-03 16:01:15 -04:00
John Howard
4c62b12636 Spew debugging
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-11-03 10:05:11 -07:00
Justin Cormack
81683e898a Merge pull request #27599 from estesp/getent-path
Add support for looking up user/groups via `getent`
2016-11-03 15:11:42 +00:00
Vincent Demeester
19b5b4aada Merge pull request #27951 from LK4D4/dump_always_to_file
daemon: always dump stack to file
2016-11-03 00:35:06 -07:00
Tibor Vass
1e51f99684 Merge pull request #27918 from dmcgowan/use-system-certs
Merge system certificate pool with custom certificates
2016-11-02 13:51:58 -07:00
Alexander Morozov
e5d36586ac daemon: always dump stack to file
Dumping to log is unusable in 90% of cases and inspecting file is much
more convenient.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-11-02 11:22:43 -07:00
Vincent Demeester
bcdce2a6b0 Merge pull request #27705 from dmcgowan/fix-27298
Ensure opaque directory permissions respected
2016-11-02 10:13:30 +01:00
Daehyeok Mun
fa710e504b Fix logrus formatting
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.

Fixed issue #23459

Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
2016-10-31 22:05:01 -06:00
Derek McGowan
66a5e34cc4
Use system ca pool from tlsconfig
Remove deprecated config from local pkg/tlsconfig.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-31 14:52:07 -07:00
Antonio Murdaca
1452c1cc71
pkg/authorization: send request's TLS peer certificates to plugins
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-31 17:37:19 +01:00
Qiang Huang
e6866492c4 Fix bunch of typos
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-10-29 15:03:26 +08:00
Phil Estes
6cb8392be9 Add support for looking up user/groups via getent
When processing the --userns-remap flag, add the
capability to call out to `getent` if the user and
group information is not found via local file
parsing code already in libcontainer/user.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2016-10-28 19:06:07 -04:00
Anusha Ragunathan
406c19f096 Merge pull request #27804 from anusha-ragunathan/blacklist-authz
Blacklist authz plugins that failed.
2016-10-28 15:06:20 -07:00
Derek McGowan
daa7019517
Ensure opaque directory permissions respected
When converting an opaque directory always keep the original
directory tar entry to ensure directory is created with correct
permissions on restore.

Closes #27298

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-28 13:13:10 -07:00
Anusha Ragunathan
fae904af02 Update authz plugin list on failure.
When daemon fails to load an authz plugin, it should be removed from
the plugin list. Else the plugin is retried on every request and
response, resulting in undesired behavior (eg. daemon panic)

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-28 11:16:06 -07:00
Erik Hollensbe
c4be1b117f stdcopy: remove logrus debug messages; makes it easier to vendor without the dependency.
Signed-off-by: Erik Hollensbe <github@hollensbe.org>
2016-10-26 16:29:37 -07:00
Erik St. Martin
56f77d5ade Implementing support for --cpu-rt-period and --cpu-rt-runtime so that
containers may specify these cgroup values at runtime. This will allow
processes to change their priority to real-time within the container
when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380.

Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period
flags to ensure that that the kernel supports these features and that
runtime is not greater than period.

Daemon will support a --cpu-rt-runtime flag to initialize the parent
cgroup on startup, this prevents the administrator from alotting runtime
to docker after each restart.

There are additional checks that could be added but maybe too far? Check
parent cgroups to ensure values are <= parent, inspecting rtprio ulimit
and issuing a warning.

Signed-off-by: Erik St. Martin <alakriti@gmail.com>
2016-10-26 11:33:06 -04:00
John Howard
ff6db320f8 Merge pull request #27747 from Microsoft/jjh/clientisolationcomment
Windows: Add comment for containers on client SKUs
2016-10-25 13:37:25 -07:00
John Howard
87ab13add4 Windows: Add comment re client containers
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-25 10:30:00 -07:00
John Howard
745f3ece53 mkdirall on the PID file path
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-10-25 09:11:20 -07:00
Kenfe-Mickaël Laventure
87ae571fed Merge pull request #27609 from tonistiigi/fix-chroot-shared-parent
chroot: remount everything as private in new mntns
2016-10-21 14:40:40 -07:00
Victor Vieux
d0e6dae233 Merge pull request #27522 from vieux/data_race_plugins
prevent data race in pkg/plugins
2016-10-21 14:19:48 -07:00
Victor Vieux
f7af80860c prevent data race in pkg/plugins
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-10-21 13:28:13 -07:00
Aaron Lehmann
bc52939b04 Merge pull request #27613 from stevvooe/archive-package-cleanup
pkg/archive: remove unnecessary Archive and Reader type
2016-10-20 20:56:23 -07:00
Stephen J Day
aa2cc18745
pkg/archive: remove unnecessary Archive and Reader type
The `archive` package defines aliases for `io.ReadCloser` and
`io.Reader`. These don't seem to provide an benefit other than type
decoration. Per this change, several unnecessary type cases were
removed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-20 19:31:24 -07:00
Aaron Lehmann
2e742b0221 Merge pull request #27606 from stevvooe/no-pool-pointer
pkg/pool: no need for double pointer for sync.Pool
2016-10-20 17:03:41 -07:00
Tonis Tiigi
70dfea63ba chroot: let root be cleaned up by kernel
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 15:50:46 -07:00
Tonis Tiigi
b511d1f0ca chroot: remount everything as private in new mntns
If parent of the destination path is shared, this
path will be unmounted from the parent ns even if
the path itself is private.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-10-20 15:29:23 -07:00
Stephen J Day
836f347cb0
pkg/pool: no need for double pointer for sync.Pool
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-20 15:27:38 -07:00
Aaron Lehmann
2c620d0aa2 Merge pull request #27287 from mavenugo/pluginv2-sk2
Allow multiple handlers to support network plugins in swarm-mode
2016-10-20 13:43:04 -07:00