Commit graph

44878 commits

Author SHA1 Message Date
Cory Snider
ca712d6947 Fix loop-closure bugs in tests
...which were flagged by golangci-lint v1.51.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 0c68b655f6)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-22 12:26:38 -05:00
Bjorn Neergaard
3627bac886
Merge pull request #45058 from thaJeztah/23.0_backport_bump_bbolt_1.3.7_20230217
[23.0 backport] dependency: bump go.etcd.io/bbolt to v1.3.7
2023-02-22 10:08:04 -07:00
Benjamin Wang
8fd038fb71
dependency: bump go.etcd.io/bbolt to v1.3.7
Please refer to link below to get more detailed info on bbolt@v1.3.7,
- https://github.com/etcd-io/bbolt/blob/master/CHANGELOG/CHANGELOG-1.3.md#v1372023-01-31

Signed-off-by: Benjamin Wang <wachao@vmware.com>
(cherry picked from commit 4a886a3e8f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 17:12:50 +01:00
Bjorn Neergaard
ab7dd5934e
Merge pull request #45056 from thaJeztah/23.0_backport_bump_golang_net
[23.0 backport] vendor: golang.org/x/net v0.7.0, golang.org/x/sys v0.5.0, golang.org/x/text v0.7.0
2023-02-22 08:35:12 -07:00
Sebastiaan van Stijn
87a1517f8f
vendor: golang.org/x/net v0.7.0
This addresses the same CVE as is patched in go1.19.6. From that announcement:

> net/http: avoid quadratic complexity in HPACK decoding
>
> A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
> in the HPACK decoder, sufficient to cause a denial of service from a small
> number of small requests.
>
> This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
> configuring HTTP/2.
>
> This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a36286cf89)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:56 +01:00
Sebastiaan van Stijn
d15010643c
vendor: golang.org/x/text v0.7.0
full diff: https://github.com/golang/text/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c7de76569e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:46 +01:00
Sebastiaan van Stijn
0727310950
vendor: golang.org/x/sys v0.5.0
full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a53b44a266)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:32 +01:00
Bjorn Neergaard
9f496914d0
Merge pull request #45043 from neersighted/backport/44982/23.0
[23.0 backport] daemon: fully resolve `apparmor_parser` regression
2023-02-21 08:19:04 -07:00
Brian Goff
bb687c160a
Merge pull request #45022 from thaJeztah/23.0_containerd_binary_1.6.18
[23.0] update containerd binary to v1.6.18
2023-02-20 18:33:11 +00:00
Bjorn Neergaard
b8c448ef24
Revert "apparmor: Check if apparmor_parser is available"
This reverts commit ab3fa46502.

This fix was partial, and is not needed with the proper fix in
containerd.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit c4c54683a9)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-20 08:59:24 -07:00
Bjorn Neergaard
a3f5319563
vendor: github.com/containerd/containerd v1.6.18
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 174802e15f)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-20 08:59:20 -07:00
Sebastiaan van Stijn
d7d4866d70
Merge pull request #45021 from thaJeztah/23.0_backport_bump_go_1.19.6
[23.0 backport] update to go1.19.6
2023-02-17 13:51:09 +01:00
Bjorn Neergaard
a4e9b25461
Merge pull request #45020 from corhere/backport-23.0/libnetwork-test-race
[23.0 backport] libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass
2023-02-16 18:15:37 -07:00
Sebastiaan van Stijn
52d667794f
[23.0] update containerd binary to v1.6.18
update containerd binary to v1.6.18, which includes fixes for CVE-2023-25153
and CVE-2023-25173.

1.6.18 release notes: https://github.com/containerd/containerd/releases/tag/v1.6.18

> - Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
> - Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
> - Revert removal of /sbin/apparmor_parser check
> - Update Go to 1.19.6

full diff: https://github.com/containerd/containerd/compare/v1.6.17...v1.6.18

1.6.17 release notes: https://github.com/containerd/containerd/releases/tag/v1.6.17

> - Add network plugin metrics
> - Update mkdir permission on /etc/cni to 0755 instead of 0700
> - Export remote snapshotter label handler
> - Add support for default hosts.toml configuration

full diff: https://github.com/containerd/containerd/compare/v1.6.16...v1.6.17

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:23:43 +01:00
Sebastiaan van Stijn
11715a05ca
update to go1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls,
mime/multipart, net/http, and path/filepath packages, as well as bug fixes to
the go command, the linker, the runtime, and the crypto/x509, net/http, and
time packages. See the Go 1.19.6 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved

From the announcement on the security mailing:

We have just released Go versions 1.20.1 and 1.19.6, minor point releases.

These minor releases include 4 security fixes following the security policy:

- path/filepath: path traversal in filepath.Clean on Windows

  On Windows, the filepath.Clean function could transform an invalid path such
  as a/../c:/b into the valid path c:\b. This transformation of a relative (if
  invalid) path into an absolute path could enable a directory traversal attack.
  The filepath.Clean function will now transform this path into the relative
  (but still invalid) path .\c:\b.

  This is CVE-2022-41722 and Go issue https://go.dev/issue/57274.

- net/http, mime/multipart: denial of service from excessive resource
  consumption

  Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely
  unlimited amounts of memory and disk files. This also affects form parsing in
  the net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm takes a maxMemory parameter, and is documented as storing "up to
  maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts
  which cannot be stored in memory are stored on disk in temporary files. The
  unconfigurable 10MB reserved for non-file parts is excessively large and can
  potentially open a denial of service vector on its own. However, ReadForm did
  not properly account for all memory consumed by a parsed form, such as map
  ntry overhead, part names, and MIME headers, permitting a maliciously crafted
  form to consume well over 10MB. In addition, ReadForm contained no limit on
  the number of disk files created, permitting a relatively small request body
  to create a large number of disk temporary files.

  ReadForm now properly accounts for various forms of memory overhead, and
  should now stay within its documented limit of 10MB + maxMemory bytes of
  memory consumption. Users should still be aware that this limit is high and
  may still be hazardous.

  ReadForm now creates at most one on-disk temporary file, combining multiple
  form parts into a single temporary file. The mime/multipart.File interface
  type's documentation states, "If stored on disk, the File's underlying
  concrete type will be an *os.File.". This is no longer the case when a form
  contains more than one file part, due to this coalescing of parts into a
  single file. The previous behavior of using distinct files for each form part
  may be reenabled with the environment variable
  GODEBUG=multipartfiles=distinct.

  Users should be aware that multipart.ReadForm and the http.Request methods
  that call it do not limit the amount of disk consumed by temporary files.
  Callers can limit the size of form data with http.MaxBytesReader.

  This is CVE-2022-41725 and Go issue https://go.dev/issue/58006.

- crypto/tls: large handshake records may cause panics

  Both clients and servers may send large TLS handshake records which cause
  servers and clients, respectively, to panic when attempting to construct
  responses.

  This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable
  session resumption (by setting Config.ClientSessionCache to a non-nil value),
  and TLS 1.3 servers which request client certificates (by setting
  Config.ClientAuth
  > = RequestClientCert).

  This is CVE-2022-41724 and Go issue https://go.dev/issue/58001.

- net/http: avoid quadratic complexity in HPACK decoding

  A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
  in the HPACK decoder, sufficient to cause a denial of service from a small
  number of small requests.

  This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
  configuring HTTP/2.

  This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 94feb31516)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:17:42 +01:00
Cory Snider
962c238c17 libnet/networkdb: use atomics for stats counters
The per-network statistics counters are loaded and incremented without
any concurrency control. Use atomic integers to prevent data races
without having to add any synchronization.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit d31fa84c7c)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 19:16:36 -05:00
Tibor Vass
20d05e235e libnetwork/networkdb: make go test -race ./libnetwork/networkdb pass
Signed-off-by: Tibor Vass <teabee89@gmail.com>
Co-authored-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 3539452ef0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 19:16:36 -05:00
Bjorn Neergaard
6bf50c09a4
Merge pull request #45016 from corhere/backport-23.0/fix-spammy-cluster-api-logs
[23.0 backport] api/s/r/swarm: log backend errors at Debug level
2023-02-16 16:23:01 -07:00
Cory Snider
c2d69d06b0 api/s/r/swarm: log backend errors at Debug level
The errors are already returned to the client in the API response, so
logging them to the daemon log is redundant. Log the errors at level
Debug so as not to pollute the end-users' daemon logs with noise.

Refactor the logs to use structured fields. Add the request context to
the log entry so that logrus hooks could annotate the log entries with
contextual information about the API request in the hypothetical future.

Fixes #44997

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit a4e3c67e44)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 11:30:06 -05:00
Cory Snider
111658c7f0
Merge pull request #45000 from corhere/backport-23.0/fix-dns-opt-host-loopback
[23.0 backport] libnetwork: check DNS loopback with user DNS opts
2023-02-14 16:16:49 -05:00
Cory Snider
7c09feb58c libnetwork: check DNS loopback with user DNS opts
DNS servers in the loopback address range should always be resolved in
the host network namespace when the servers are configured by reading
from the host's /etc/resolv.conf. The daemon mistakenly conflated the
presence of DNS options (docker run --dns-opt) with user-supplied DNS
servers, treating the list of servers loaded from the host as a user-
supplied list and attempting to resolve in the container's network
namespace. Correct this oversight so that loopback DNS servers are only
resolved in the container's network namespace when the user provides the
DNS server list, irrespective of other DNS configuration.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 046cc9e776)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-14 14:51:12 -05:00
Cory Snider
ecd940a0c6
Merge pull request #44980 from er0k/bad-dns
[23.0] Fix nil pointer dereference when attempting to log DNS errors
2023-02-14 12:25:20 -05:00
er0k
6c2637be11
Do not log connection info before the connection exists
If the resolver encounters an error before it attempts to forward the
request to external DNS, do not try to log information about the
external connection, because at this point `extConn` is `nil`. This
makes sure `dockerd` won't panic and crash from a nil pointer
dereference when it sees an invalid DNS query.

fixes #44979

Signed-off-by: er0k <er0k@er0k.net>
2023-02-13 12:48:41 -05:00
Bjorn Neergaard
bc3805a0a0
Merge pull request #44959 from tonistiigi/23.0-buildkit-update-0208
[23.0] vendor: update buildkit to latest v0.10
2023-02-09 12:11:28 -07:00
Tonis Tiigi
4002fa877b
vendor: update buildkit to latest v0.10
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-02-08 07:57:57 -08:00
Bjorn Neergaard
77f3d31ed6
Merge pull request #44944 from thaJeztah/23.0_backport_worker_getremotes
[23.0 backport] builder: define GetRemotes for the worker
2023-02-08 08:44:21 -07:00
Tonis Tiigi
e697c9365f
builder: define GetRemotes for the worker
The function signature has changed since v0.10.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 335907d187)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-08 01:01:18 +01:00
Sebastiaan van Stijn
1141704bc9
Merge pull request #44952 from thaJeztah/23.0_backport_ci_fix_workflows
[23.0 backport] ci: fix branch filter pattern in buildkit workflow
2023-02-08 00:59:40 +01:00
CrazyMax
4c544c3d5f
ci: fix branch filter pattern in buildkit workflow
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 80f8432b52)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-07 23:45:04 +01:00
Bjorn Neergaard
f7e2cbaf1b
Merge pull request #44948 from crazy-max/23.0_backport_ci-itg-cli-split
[23.0 backport] ci: enhance tests distribution
2023-02-07 12:43:42 -07:00
CrazyMax
06aca27cc1
ci: enhance tests distribution
Adds overrides with specific tests suites in our tests
matrix so we can reduce build time significantly.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 22776f8fdb)
2023-02-07 16:50:50 +01:00
Kevin Alvarez
001b2e778a
ci: update gotestlist to 0.3.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit e304e82b66)
2023-02-07 16:50:49 +01:00
Sebastiaan van Stijn
e664cc2239
Merge pull request #44942 from vvoland/apparmor-check-binary-23
[23.0 backport] apparmor: Check if apparmor_parser is available
2023-02-07 13:13:18 +01:00
Sebastiaan van Stijn
a25ab9224a
Merge pull request #44936 from thaJeztah/23.0_update_buildkit
[23.0] vendor: github.com/moby/buildkit v0.10.7-0.20230206124303-b8fdb4b78da0
2023-02-07 11:29:35 +01:00
Paweł Gronowski
38b70ebc3b
apparmor: Check if apparmor_parser is available
`hostSupports` doesn't check if the apparmor_parser is available.
It's possible in some environments that the apparmor will be enabled but
the tool to load the profile is not available which will cause the
ensureDefaultAppArmorProfile to fail completely.

This patch checks if the apparmor_parser is available. Otherwise the
function returns early, but still logs a warning to the daemon log.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ab3fa46502)
2023-02-07 11:23:06 +01:00
Sebastiaan van Stijn
8a5d341d94
[23.0] vendor: github.com/moby/buildkit v0.10.7-0.20230206124303-b8fdb4b78da0
full diff: https://github.com/moby/buildkit/compare/v0.10.6...b8fdb4b78da0127260ba39b9b7de048cb3877203

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-07 09:55:22 +01:00
Bjorn Neergaard
fc5d6c97b3
Merge pull request #44937 from corhere/backport-23.0/fix-44925-ipvlan-panic
[23.0 backport] libnet/d/ipvlan: gracefully migrate from older dbs
2023-02-06 22:56:35 -07:00
Cory Snider
427101f656 libnet/d/ipvlan: gracefully migrate from older dbs
IPVLAN networks created on Moby v20.10 do not have the IpvlanFlag
configuration value persisted in the libnetwork database as that config
value did not exist before v23.0.0. Gracefully migrate configurations on
unmarshal to prevent type-assertion panics at daemon start after upgrade.

Fixes #44925

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 91725ddc92)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-06 18:16:21 -05:00
Sebastiaan van Stijn
b67344b81c
Merge pull request #44938 from thaJeztah/23.0_backport_dockerfile_git_dubious
[23.0 backport] Dockerfile: configure code dir as "safe" directory
2023-02-07 00:14:30 +01:00
Sebastiaan van Stijn
5b7142073f
Dockerfile: configure code dir as "safe" directory
CI is failing when bind-mounting source from the host into the dev-container;

    fatal: detected dubious ownership in repository at '/go/src/github.com/docker/docker'
    To add an exception for this directory, call:

        git config --global --add safe.directory /go/src/github.com/docker/docker

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 21677816a0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 21:08:42 +01:00
Bjorn Neergaard
bacf32d9ab
Merge pull request #44892 from corhere/backport-23.0/fix-kata-exec-exit
[23.0 backport] Fix exit-event handling for Kata runtime
2023-02-06 12:02:50 -07:00
Brian Goff
7df264966b
Merge pull request #44922 from neersighted/backport/44916/23.0
[23.0 backport] graphdriver/overlay2: usingMetacopy ENOTSUP is non-fatal
2023-02-04 06:54:29 -08:00
Bjorn Neergaard
7e03250780
graphdriver/overlay2: usingMetacopy ENOTSUP is non-fatal
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 3bcb350711)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-04 00:07:08 -07:00
Cory Snider
975bdb2c96 daemon: identify container exits by ProcessID
The Pid field of an exit event cannot be relied upon to differentiate
exits of the container's task from exits of other container processes,
i.e. execs. The Pid is reported by the runtime and is implementation-
defined so there is no guarantee that a task's pid is distinct from the
pids of any other process in the same container. In particular,
kata-containers reports the pid of the hypervisor for all exit events.
Update the daemon to differentiate container exits from exec exits by
inspecting the event's ProcessID.

The local_windows libcontainerd implementation already sets the
ProcessID to InitProcessName on container exit events. Update the remote
libcontainerd implementation to match. ContainerD guarantees that the
process ID of a task (container init process) is set to the
corresponding container ID, so use that invariant to distinguish task
exits from other process exits.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-01-31 12:14:50 -05:00
Sebastiaan van Stijn
d7573ab867
Merge pull request #44885 from thaJeztah/23.0_backport_update_containerd
[23.0 backport] vendor: github.com/containerd/containerd v1.6.16
2023-01-31 15:29:44 +01:00
Sebastiaan van Stijn
9df87eaa9c
Merge pull request #44883 from thaJeztah/23.0_backport_invalid_character
[23.0 backport] client: improve error messaging on crash
2023-01-31 15:28:37 +01:00
Sebastiaan van Stijn
de3f216113
Merge pull request #44884 from thaJeztah/23.0_backport_rm_install_suffix
[23.0 backport] hack: remove -installsuffix build flag
2023-01-31 13:56:33 +01:00
Akihiro Suda
20203f0c92
Merge pull request #44881 from thaJeztah/23.0_containerd_binary_1.6.16
[23.0] update containerd binary to v1.6.16
2023-01-31 02:00:12 +09:00
Sebastiaan van Stijn
610250f06e
vendor: github.com/containerd/containerd v1.6.16
Notable Updates

- Fix push error propagation
- Fix slice append error with HugepageLimits for Linux
- Update default seccomp profile for PKU and CAP_SYS_NICE
- Fix overlayfs error when upperdirlabel option is set

full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c41c8c2f86)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-30 15:08:36 +01:00
Sebastiaan van Stijn
63a0f1fe09
vendor: github.com/pelletier/go-toml v1.9.5
Contains a fix that prevents a panic on an invalid toml file.

full diff: https://github.com/pelletier/go-toml/compare/v1.9.4...v1.9.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 22098745e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-30 15:08:36 +01:00