Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs.
Fixes#24023
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
(cherry picked from commit ff98da0607)
Signed-off-by: Tibor Vass <tibor@docker.com>
If the remote registry responds with a NAME_UNKNOWN error, treat this as
a fatal error and don't retry the push.
Tested against an ECR registry.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit a12ab28e0a)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix fixes a minor typo in swarm tutorial's delete service docs.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 93fa7e7555)
Signed-off-by: Tibor Vass <tibor@docker.com>
The `--pid` flag was added in Docker 1.5.0, but the
API changes were not documented. In Docker 1.12.0,
`--pid=container:<name|id>` was added as an additional
option, but also undocumented.
This adds the missing API documentation for this
option.
Also see commits
47e3da848f (for 1.5.0), and
ebeb5a0422 (for 1.12.0).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c9b5addc5)
Signed-off-by: Tibor Vass <tibor@docker.com>
We use containerd and there is no execution driver anymore.
Addresses: https://github.com/docker/docker/issues/24461
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
(cherry picked from commit 1fb1136fec)
Signed-off-by: Tibor Vass <tibor@docker.com>
For any operation that involves netwoks (other than network create),
swarmkit expects the target as network-id. Service upate was using
network-name as the target and that caused the issue.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit b32cfb32a3)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix tries to address the issue raised in #24374 where
`docker info` outputs seccomp support in Ubuntu 14.04 but
the seccomp wass not actually supported.
The issue is that in the current docker implementation, seccomp
support is only checked against the kernel by inspect CONFIG_SECCOMP
and CONFIG_SECCOMP_FILTER. However, seccomp might not be enabled
when building docker (through golang build flag).
This fix adds a supportSeccomp boolean variable. The supportSeccomp
is only set to true when seccomp is enabled when building docker.
This fix fixes#24374.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit a3b9dd89a1)
Signed-off-by: Tibor Vass <tibor@docker.com>
This fix adds a couple of missed release tag reference links in deprecated.md
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit bc20354b09)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes `make test` and fix#24380 on aarch64
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit d37a7394ac)
Signed-off-by: Tibor Vass <tibor@docker.com>
This patch makes sure daemon resources are cleaned up on shutdown if
there are no running containers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 2d5dc94b9b)
Signed-off-by: Tibor Vass <tibor@docker.com>
This was missed in #23312 even though the other parts of
this were fixed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 47ace5cd98)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is now up to date with contents of 1.12 tgz
Also change usage to `dockerd` not `docker daemon`
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 7102e09f29)
Signed-off-by: Tibor Vass <tibor@docker.com>
Needed for libnetwork vendoring
Update Secret API name change correspondingly
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit d428a7a425)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update now that the changes in https://github.com/docker/libnetwork/pull/1230
have been merged
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 3ae0c66450)
Signed-off-by: Tibor Vass <tibor@docker.com>
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 0682468431)
Signed-off-by: Tibor Vass <tibor@docker.com>
- Update ps with `--last` flag
- Update commands with current output
- Make sure hugo does not detect the wrong language
- Update usage for `tag` command to be more coherent with the other ones
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit f4cfc6b983)
Signed-off-by: Tibor Vass <tibor@docker.com>
The current behavior of `docker swarm init` is to set up a swarm that
has no secret for joining, and does not require manual acceptance for
workers. Since workers may sometimes receive sensitive data such as pull
credentials, it makes sense to harden the defaults.
This change makes `docker swarm init` generate a random secret if none
is provided, and print it to the terminal. This secret will be needed to
join workers or managers to the swarm. In addition to improving access
control to the cluster, this setup removes an avenue for
denial-of-service attacks, since the secret is necessary to even create
an entry in the node list.
`docker swarm init --secret ""` will set up a swarm without a secret,
matching the old behavior. `docker swarm update --secret ""` removes the
automatically generated secret after `docker swarm init`.
Closes#23785
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 7342e42fce)
Signed-off-by: Tibor Vass <tibor@docker.com>
In the API:
`Writable` changed to `ReadOnly`
`Populate` changed to `NoCopy`
Corresponding CLI options updated to:
`volume-writable` changed to `volume-readonly`
`volume-populate` changed to `volume-nocopy`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 56f3422468)
Signed-off-by: Tibor Vass <tibor@docker.com>
