commit 56f77d5ade
added support for cpu-rt-period and cpu-rt-runtime,
but always initialized the cgroup path, even if not
used.
As a result, containers failed to start on a
read-only filesystem.
This patch only creates the cgroup path if
one of these options is set.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
commit 9322636c89
temporarily switched to a fork of go-memdb, because
a pull request that was needed was not yet merged
upstream.
this pull request was merged, so we can un-fork
this dependency.
this change does not bump the dependency, and
only un-forks. bumping the dependency should
be done in a separate change, if needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The keyserver infrastructure is unreliable, and just adds another point
of failure without adding any security. Instead, commit the key used at
build time for ZFS to the repo, and inline our signing key into the
install script rather than just its fingerprint.
fix#28510fix#13555
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
`plugins.GetAll()` was not locking the plugin map when checking if a
plugin exists, this can cause a race and potentially a panic if another
goroutine is trying to load a plugin into the map at the same time.
Also fixes a race during activation where a plugin inserts itself into
the plugin map but does not check if something else is already there.
This is already checked before trying to activate the plugin, however
the map lock is not held for this entire period, so other plugins may be
loaded during this time.
To fix, before inserting the plugin into the map, check if one with the
same name already exists and use that instead.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This test checks for the substring "foo" in the "secret ls" output. This
is a valid base36 substring and can sometimes show up by chance:
docker_cli_secret_create_test.go:86:
c.Assert(out, checker.Not(checker.Contains), name)
... obtained string = "" +
... "ID NAME CREATED UPDATED\n" +
... "ob8y4t4feuz8pn5h6vla9oxoz stefoo7e268ozqfupi9s4se9q Less than a second ago Less than a second ago\n"
... substring string = "foo"
Change the secret name to test_secret, matching other tests. Underscores
can't appear in base36 so this name is safe to grep for.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Vendor the latest official logrus release instead of a custom fork
(which now happens to be identical to the fork).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
I often get complains that container removal failed and users got following
error message.
"Driver devicemapper failed to remove root filesystem 18a69ba82aaf7a039ce7d44156215012d703001643079775190ac7dd6c6acf56:Device is Busy"
This error message talks about container id but does not give any info
about which particular device id is busy. Most likely device is mounted
in some other mount namespace and if one knows the device id, they
can try to do some debugging figuring which process and which mount
namespace is keeping the device busy and how did we reach that stage.
Without that information, it becomes almost impossible to debug the
problem.
So to improve the debuggability, when device removal fails, also return
device id in error message. Now new message looks as follows.
"Driver devicemapper failed to remove root filesystem 18a69ba82aaf7a039ce7d44156215012d703001643079775190ac7dd6c6acf56: Failed to remove device dbc15bdf9994a17c613d8ef9e924f3cffbf67f91e4f709295c901ad628377991:Device is Busy"
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
