Commit graph

45880 commits

Author SHA1 Message Date
Sebastiaan van Stijn
93e5c99fff
Merge pull request #45324 from vvoland/image-children-error
images/Children: Return error
2023-04-13 18:00:47 +02:00
Sebastiaan van Stijn
9b83875c13
Merge pull request #45300 from thaJeztah/errdefs_alias
use consistent alias for containerd's errdefs package, and validate in CI
2023-04-13 16:20:49 +02:00
Paweł Gronowski
9cb5da400c
images/Children: Return error
Change return value in function signature and return fatal errors so
they can actually be reported to the caller instead of just being logged
to daemon log.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-04-13 16:20:02 +02:00
Sebastiaan van Stijn
45483a1d0d
Merge pull request #45299 from thaJeztah/cleanup_stats
daemon: move code related to stats together
2023-04-13 16:16:47 +02:00
Sebastiaan van Stijn
86183ebf55
Merge pull request #45321 from thaJeztah/daemon_seccomp_flag_description
daemon: touch-up flag description for --seccomp-profile
2023-04-13 16:07:50 +02:00
Sebastiaan van Stijn
a948ee9601
Merge pull request #45306 from aneesh98/45233-change-checks-timeout
Added timeout to validate job in github actions
2023-04-13 15:38:48 +02:00
Sebastiaan van Stijn
03fc3aad12
daemon: touch-up flag description for --seccomp-profile
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-13 13:39:20 +02:00
Sebastiaan van Stijn
3d0bdfaa70
Merge pull request #45312 from rumpl/c8d-fix-http-fallback
c8d: Fix checking TLS handshake for insecure registries
2023-04-13 00:33:01 +02:00
Sebastiaan van Stijn
49fa3d82b7
Merge pull request #44510 from thaJeztah/api_server_sanitizeRepoAndTags
api/server/backend/build: sanitizeRepoAndTags() check for digest
2023-04-12 22:10:52 +02:00
Djordje Lukic
f696a1b3b3
Fix error checking when pulling from an insecure registry
The call to an unsecure registry doesn't return an error saying that the
"server gave an HTTP response to an HTTPS client" but a
tls.RecordHeaderError saying that the "first record does not look like a
TLS handshake", this changeset looks for the right error for that case.

This fixes the http fallback when using an insecure registry

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-04-12 21:56:52 +02:00
Sebastiaan van Stijn
8cf66ed732
Merge pull request #45301 from thaJeztah/vendor_sctp
vendor: github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2
2023-04-12 12:41:44 +02:00
Sebastiaan van Stijn
0154746b9f
Merge pull request #44965 from akerouanton/libnetwork-dead-code
libnetwork/overlay: remove dead code
2023-04-11 17:09:45 +02:00
Sebastiaan van Stijn
f645a6d43e
Merge pull request #45305 from crazy-max/update-xx
Dockerfile: update xx to 1.2.1
2023-04-11 16:10:50 +02:00
Sebastiaan van Stijn
860db986fc
Merge pull request #45267 from rumpl/c8d-fix-exec-user
c8d: Set the process user on exec
2023-04-11 16:03:40 +02:00
Sebastiaan van Stijn
74a0fdf961
Merge pull request #45265 from vvoland/c8d-children-upstream
c8d: Implement Children by comparing diff ids
2023-04-11 15:45:27 +02:00
Aneesh Kulkarni
e5dbd28afd Added timeout to validate job in github actions
Signed-off-by: Aneesh Kulkarni <askthefactorcamera@gmail.com>
2023-04-11 18:52:57 +05:30
Sebastiaan van Stijn
3ce6efc4dd
Merge pull request #45285 from thaJeztah/c8d_implement_GetRepository
c8d: implement GetRepository (split GetRepository from ImageService)
2023-04-11 14:23:35 +02:00
CrazyMax
106c694993
Dockerfile: update xx to 1.2.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-04-11 11:22:53 +02:00
Sebastiaan van Stijn
a5d46a15f5
split GetRepository from ImageService
The GetRepository method interacts directly with the registry, and does
not depend on the snapshotter, but is used for two purposes;

For the GET /distribution/{name:.*}/json route;
dd3b71d17c/api/server/router/distribution/backend.go (L11-L15)

And to satisfy the "executor.ImageBackend" interface as used by Swarm;
58c027ac8b/daemon/cluster/executor/backend.go (L77)

This patch removes the method from the ImageService interface, and instead
implements it through an composite struct that satisfies both interfaces,
and an ImageBackend() method is added to the daemon.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

remove GetRepository from ImageService

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 12:07:57 +02:00
Sebastiaan van Stijn
893d28469f
vendor: github.com/ishidawataru/sctp v0.0.0-20230406120618-7ff4192f6ff2
- Prevent from descriptor leak
- Fixes optlen in getsockopt() for s390x

full diff: 9a39160e90...7ff4192f6f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 22:34:51 +02:00
Sebastiaan van Stijn
f66374f6a8
golangci-lint: enable importas linter to force consistent aliases
This enforces the github.com/containerd/containerd/errdefs package to
be aliased as "cerrdefs". Any other alias (or no alias used) results
in a linting failure:

    integration/container/pause_test.go:9:2: import "github.com/containerd/containerd/errdefs" imported as "c8derrdefs" but must be "cerrdefs" according to config (importas)
        c8derrdefs "github.com/containerd/containerd/errdefs"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 20:03:27 +02:00
Sebastiaan van Stijn
81e62af94a
use consistent alias for containerd's errdefs package
The signatures of functions in containerd's errdefs packages are very
similar to those in our own, and it's easy to accidentally use the wrong
package.

This patch uses a consistent alias for all occurrences of this import.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 19:30:33 +02:00
Sebastiaan van Stijn
f691b13450
daemon: move code related to stats together
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-08 19:00:01 +02:00
Djordje Lukic
be4abf9d6e
Vendor containerd 1.6.x with the readonly mount fix
Uses containerd from release/1.6 commit c0efc63d39

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-04-07 10:57:48 +02:00
Djordje Lukic
41a230758c
c8d: Set the process user on exec
This change makes is possible to run `docker exec -u <UID> ...` when the
containerd integration is activated.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-04-07 10:53:25 +02:00
Sebastiaan van Stijn
dd3b71d17c
Merge pull request #45290 from thaJeztah/fix_vendor
vendor: re-vendor to add missing file
2023-04-07 03:05:20 +02:00
Sebastiaan van Stijn
1bdceb8a65
Merge pull request #45281 from corhere/libnet/overlay-bpf-harder
libnetwork/drivers/overlay: only program xt_bpf rules
2023-04-07 01:12:12 +02:00
Sebastiaan van Stijn
3f09316e3b
vendor: re-vendor to add missing file
When running hack/vendor.sh, I noticed this file was added to vendor.
I suspect this should've been part of 0233029d5a,
but the vendor check doesn't appear to be catching this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-07 01:01:13 +02:00
Sebastiaan van Stijn
b52765c8c9
Merge pull request #45283 from AkihiroSuda/dockerd-rootless-setuptool.sh-improve-messages
docker-rootless-setuptools.sh: improve readability of messages
2023-04-06 23:32:40 +02:00
Sebastiaan van Stijn
79bf167c0d
Merge pull request #45269 from vvoland/c8d-reference-filter
c8d/list: Implement `reference`
2023-04-06 23:30:55 +02:00
Albin Kerouanton
8ed900263e
libnetwork/overlay: remove host mode
Linux kernel prior to v3.16 was not supporting netns for vxlan
interfaces. As such, moby/libnetwork#821 introduced a "host mode" to the
overlay driver. The related kernel fix is available for rhel7 users
since v7.2.

This mode could be forced through the use of the env var
_OVERLAY_HOST_MODE. However this env var has never been documented and
is not referenced in any blog post, so there's little chance many people
rely on it. Moreover, this host mode is deemed as an implementation
details by maintainers. As such, we can consider it dead and we can
remove it without a prior deprecation warning.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:41 +02:00
Albin Kerouanton
1d46597c8b
libnetwork/overlay: remove KVObject implementation
Since 0fa873c, there's no function writing overlay networks to some
datastore. As such, overlay network struct doesn't need to implement
KVObject interface.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:29 +02:00
Albin Kerouanton
f32f09e78f
libnetwork/overlay: don't lock network when accessing subnet vni
Since a few commits, subnet's vni don't change during the lifetime of
the subnet struct, so there's no need to lock the network before
accessing it.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:27 +02:00
Albin Kerouanton
b67446a8fa
libnetwork: remove local store from overlay driver
Since the previous commit, data from the local store are never read,
thus proving it was only used for Classic Swarm.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:27 +02:00
Albin Kerouanton
8aa1060c34
libnetwork/overlay: remove live-restore support
The overlay driver in Swarm v2 mode doesn't support live-restore, ie.
the daemon won't even start if the node is part of a Swarm cluster and
live-restore is enabled. This feature was only used by Swarm Classic.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:27 +02:00
Albin Kerouanton
e3708a89cc
libnetwork/overlay: remove vni allocation
VNI allocations made by the overlay driver were only used by Classic
Swarm. With Swarm v2 mode, the driver ovmanager is responsible of
allocating & releasing them.

Previously, vxlanIdm was initialized when a global store was available
but since 142b522, no global store can be instantiated. As such,
releaseVxlanID actually does actually nothing and iptables rules are
never removed.

The last line of dead code detected by golangci-lint is now gone.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:27 +02:00
Albin Kerouanton
e251837445
libnetwork/overlay: remove Serf-based clustering
Prior to 0fa873c, the serf-based event loop was started when a global
store was available. Since there's no more global store, this event loop
and all its associated code is dead.

Most dead code detected by golangci-lint in prior commits is now gone.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:52:17 +02:00
Albin Kerouanton
644e3d4cdb
libnetwork/netlabel: remove dead code
- LocalKVProvider, LocalKVProviderURL, LocalKVProviderConfig,
  GlobalKVProvider, GlobalKVProviderURL and GlobalKVProviderConfig
  are all unused since moby/libnetwork@be2b6962 (moby/libnetwork#908).
- GlobalKVClient is unused since 0fa873c and c8d2c6e.
- MakeKVProvider, MakeKVProviderURL and MakeKVProviderConfig are unused
  since 96cfb076 (moby/moby#44683).
- MakeKVClient is unused since 142b5229 (moby/moby#44875).

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:51:56 +02:00
Albin Kerouanton
f8b5fe5724
libnetwork/netutils: remove dead code
- GetIfaceAddr is unused since moby/libnetwork@e51ead59
  (moby/libnetwork#670).
- ValidateAlias and ParseAlias are unused since moby/moby@0645eb84
  (moby/moby#42539).

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:33:04 +02:00
Albin Kerouanton
c8d2c6ea77
libnetwork: remove unused props from windows overlay driver
The overlay driver was creating a global store whenever
netlabel.GlobalKVClient was specified in its config argument. This
specific label is unused anymore since 142b522 (moby/moby#44875).

It was also creating a local store whenever netlabel.LocalKVClient was
specificed in its config argument. This store is unused since
moby/libnetwork@9e72136 (moby/libnetwork#1636).

Finally, the sync.Once properties are never used and thus can be
deleted.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:33:04 +02:00
Albin Kerouanton
0fa873c0fe
libnetwork: remove global store from overlay driver
The overlay driver was creating a global store whenever
netlabel.GlobalKVClient was specified in its config argument. This
specific label is not used anymore since 142b522 (moby/moby#44875).

golangci-lint now detects dead code. This will be fixed in subsequent
commits.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:33:04 +02:00
Albin Kerouanton
00037cd44b
libnetwork: remove ovrouter cmd
This command was useful when overlay networks based on external KV store
was developed but is unused nowadays.

As the last reference to OverlayBindInterface and OverlayNeighborIP
netlabels are in the ovrouter cmd, they're removed too.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-04-06 19:33:04 +02:00
Paweł Gronowski
e0f36f9d8b
ImageService: Pass ctx to Children
This only makes the containerd ImageService implementation respect
context cancellation though.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-04-06 14:27:38 +02:00
Paweł Gronowski
bea751beb7
c8d: Implement Children by comparing diff ids
Implement Children method for containerd image store which makes the
`ancestor` filter work for `docker ps`. Checking if image is a children
of other image is implemented by comparing their rootfs diffids because
containerd image store doesn't have a concept of image parentship like
the graphdriver store. The child is expected to have more layers than
the parent and should start with all parent layers.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-04-06 14:27:37 +02:00
Paweł Gronowski
ba47cdcc0b
c8d/list: Implement reference filter
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-04-06 13:44:52 +02:00
Akihiro Suda
4aa2876c75
docker-rootless-setuptools.sh: improve readability of messages
Before:
```console
$ docker-rootless-setuptool.sh install
...
[INFO] Use CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

export PATH=/usr/local/bin:$PATH
Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1001/docker.sock
```

After:
```console
$ docker-rootless-setuptool.sh install
...
[INFO] Using CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variable(s) are set (or add them to ~/.bashrc):
export PATH=/usr/local/bin:$PATH

[INFO] Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///run/user/1001/docker.sock
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-04-06 14:12:20 +09:00
Sebastiaan van Stijn
58c027ac8b
Merge pull request #45275 from thaJeztah/bump_go1.20.3
update go to go1.20.3
2023-04-05 23:02:48 +02:00
Cory Snider
4d04068184 libn/d/overlay: only program xt_bpf rules
Drop support for platforms which only have xt_u32 but not xt_bpf. No
attempt is made to clean up old xt_u32 iptables rules left over from a
previous daemon instance.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-04-05 11:50:03 -04:00
Sebastiaan van Stijn
e8a79114b8
Merge pull request #45274 from thaJeztah/container_as_source_of_truth
c8d: use the container's configured snapshotter where possible
2023-04-05 17:03:18 +02:00
Sebastiaan van Stijn
f6cc8e3512
update go to go1.20.3
go1.20.3 (released 2023-04-04) includes security fixes to the go/parser,
html/template, mime/multipart, net/http, and net/textproto packages, as well
as bug fixes to the compiler, the linker, the runtime, and the time package.
See the Go 1.20.3 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.2...go1.20.3

Further details from the announcement on the mailing list:

We have just released Go versions 1.20.3 and 1.19.8, minor point releases.
These minor releases include 4 security fixes following the security policy:

- go/parser: infinite loop in parsing

  Calling any of the Parse functions on Go source code which contains `//line`
  directives with very large line numbers can cause an infinite loop due to
  integer overflow.
  Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
  This is CVE-2023-24537 and Go issue https://go.dev/issue/59180.

- html/template: backticks not treated as string delimiters

  Templates did not properly consider backticks (`) as Javascript string
  delimiters, and as such did not escape them as expected. Backticks are
  used, since ES6, for JS template literals. If a template contained a Go
  template action within a Javascript template literal, the contents of the
  action could be used to terminate the literal, injecting arbitrary Javascript
  code into the Go template.

  As ES6 template literals are rather complex, and themselves can do string
  interpolation, we've decided to simply disallow Go template actions from being
  used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe
  way to allow this behavior. This takes the same approach as
  github.com/google/safehtml. Template.Parse will now return an Error when it
  encounters templates like this, with a currently unexported ErrorCode with a
  value of 12. This ErrorCode will be exported in the next major release.

  Users who rely on this behavior can re-enable it using the GODEBUG flag
  jstmpllitinterp=1, with the caveat that backticks will now be escaped. This
  should be used with caution.

  Thanks to Sohom Datta, Manipal Institute of Technology, for reporting this issue.

  This is CVE-2023-24538 and Go issue https://go.dev/issue/59234.

- net/http, net/textproto: denial of service from excessive memory allocation

  HTTP and MIME header parsing could allocate large amounts of memory, even when
  parsing small inputs.

  Certain unusual patterns of input data could cause the common function used to
  parse HTTP and MIME headers to allocate substantially more memory than
  required to hold the parsed headers. An attacker can exploit this behavior to
  cause an HTTP server to allocate large amounts of memory from a small request,
  potentially leading to memory exhaustion and a denial of service.
  Header parsing now correctly allocates only the memory required to hold parsed
  headers.

  Thanks to Jakob Ackermann (@das7pad) for discovering this issue.

  This is CVE-2023-24534 and Go issue https://go.dev/issue/58975.

- net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

  Multipart form parsing can consume large amounts of CPU and memory when
  processing form inputs containing very large numbers of parts. This stems from
  several causes:

  mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form
  can consume. ReadForm could undercount the amount of memory consumed, leading
  it to accept larger inputs than intended. Limiting total memory does not
  account for increased pressure on the garbage collector from large numbers of
  small allocations in forms with many parts. ReadForm could allocate a large
  number of short-lived buffers, further increasing pressure on the garbage
  collector. The combination of these factors can permit an attacker to cause an
  program that parses multipart forms to consume large amounts of CPU and
  memory, potentially resulting in a denial of service. This affects programs
  that use mime/multipart.Reader.ReadForm, as well as form parsing in the
  net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm now does a better job of estimating the memory consumption of parsed
  forms, and performs many fewer short-lived allocations.

  In addition, mime/multipart.Reader now imposes the following limits on the
  size of parsed forms:

  Forms parsed with ReadForm may contain no more than 1000 parts. This limit may
  be adjusted with the environment variable GODEBUG=multipartmaxparts=. Form
  parts parsed with NextPart and NextRawPart may contain no more than 10,000
  header fields. In addition, forms parsed with ReadForm may contain no more
  than 10,000 header fields across all parts. This limit may be adjusted with
  the environment variable GODEBUG=multipartmaxheaders=.

  Thanks to Jakob Ackermann for discovering this issue.

  This is CVE-2023-24536 and Go issue https://go.dev/issue/59153.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-05 14:24:07 +02:00