The base selinux policies on centos/rhel/oraclelinux have all been
updated in a way that conflicts with the policies we install with
`docker-engine-selinux`. This patch fixes these conflicts.
In addition, removes special cases for old/unsupported versions of
fedora in our selinux package, and change to use a single minimum
version for the selinux base policy package, as this is the minimum
version required to use our selinux policy package.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit ec9a05e5e2)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This is a temporary version for building
Fedora 25. Fedora 25 will be released during
code-freeze, and is currently in beta, so no
official images are available yet.
Current release date is scheduled for 2016-11-15
https://fedoraproject.org/wiki/Releases/25/Schedule
Once released, the image will be updated for
GA
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Allow each script to run directly without the hack/make.sh wrapper. These
scripts do not produce artifacts and do not benefit from the "bundles"
framework.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
The PowerShell completion script was outdated,
and removed from this repository in
65fdbf0210.
A more up to date implementation can be found
here; https://github.com/samneirinck/posh-docker
Removing this script from the tgz
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* change workdir for accessing install-binaries.sh
* use other gopath for binaries to preserve sources
* add sources of proxy and grimes to rpc spec
* use dynamic proxy with -linkmode external in deb and rpm
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Right now we do have a problem to store the .debs for raspbian-jessie and
debian-jessie distro version for armhf arch. Both .debs have the same filename
so we have to include the distro version, too.
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
moves ensure-frozen-images to go
moves ensure-syscall-test to go
moves ensure-nnp-test to go
moves ensure-httpserver to go
Also makes some of the fixtures load only for the required tests.
This makes sure that fixtures that won't be needed for a test run such as
`make TESTFLAGS='-check.f Swarm' test-integration-cli` (for example)
aren't loaded... like the syscall tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Passses down BUILD_APT_MIRROR to the docker env.
Ensures BUILD_APT_MIRROR is used when building debs, but only when the
consuming `Dockerfile` actually uses it, otherwise it will cause the
build to fail (e.g. on Ubuntu builds we aren't using APT_MIRROR).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Adds a new bundle `verify-integration-tests` which pre-compiles a test
binary for the integration tests.
This makes sure that the integration tests will actually compile before
doing other tasks which take much longer, such as building dockerd and
loading test fixtures.
When it comes time to actually run the tests, the pre-compiled binary
will be used so it doesn't have to compile the tests a 2nd time.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
Interactive integration testing is useful when you're developing new tests, or
making changes to cli code.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
