Commit graph

46301 commits

Author SHA1 Message Date
Drew Erny
cdb1293eea Fix missing Topology in NodeCSIInfo
Added code to correctly retrieve and convert the Topology from the gRPC
Swarm Node.

Signed-off-by: Drew Erny <derny@mirantis.com>
2023-06-23 11:45:50 -05:00
Bjorn Neergaard
8d070e30f5
Merge pull request #45797 from corhere/fix-health-probe-double-unlock
daemon: fix double-unlock in health check probe
2023-06-22 18:17:09 -06:00
Cory Snider
5dbb5cc3e5
Merge pull request #45792 from corhere/fix-45770-processevent-nil-check
daemon: fix panic on failed exec start
2023-06-22 18:05:10 -04:00
Cory Snider
786c9adaa2 daemon: fix double-unlock in health check probe
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-22 17:48:21 -04:00
Cory Snider
3b28a24e97 daemon: fix panic on failed exec start
If an exec fails to start in such a way that containerd publishes an
exit event for it, daemon.ProcessEvent will race
daemon.ContainerExecStart in handling the failure. This race has been a
long-standing bug, which was mostly harmless until
4bafaa00aa. After that change, the daemon
would dereference a nil pointer and crash if ProcessEvent won the race.
Restore the status quo buggy behaviour by adding a check to skip the
dereference if execConfig.Process is nil.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-22 17:04:51 -04:00
Sebastiaan van Stijn
eb76c93098
Merge pull request #45767 from crazy-max/fix-host-gateway
builder: pass host-gateway IP as worker label
2023-06-22 22:56:57 +02:00
Sebastiaan van Stijn
b3843992fc
Merge pull request #45781 from neersighted/c8d_stargz_refcount 2023-06-21 16:46:51 +02:00
Sebastiaan van Stijn
5ff7be32f0
Merge pull request #45784 from vvoland/busybox-5007 2023-06-21 16:29:48 +02:00
Paweł Gronowski
e010223186
contrib/busybox: Update to FRP-5007-g82accfc19
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-06-21 14:15:05 +02:00
CrazyMax
21e50b89c9
builder: pass host-gateway IP as worker label
We missed a case when parsing extra hosts from the dockerfile
frontend so the build fails.

To handle this case we need to set a dedicated worker label
that contains the host gateway IP so clients like Buildx
can just set the proper host:ip when parsing extra hosts
that contain the special string "host-gateway".

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-06-21 13:21:38 +02:00
Sebastiaan van Stijn
404160ad87
Merge pull request #45579 from tonistiigi/otlp-traces-for-history
builder-next: enable OTLP tracing for history records
2023-06-21 01:05:49 +02:00
Sebastiaan van Stijn
ab60412cb4
Merge pull request #45736 from thaJeztah/reserve_once
daemon: registerName(): don't reserve name twice
2023-06-20 23:47:40 +02:00
Bjorn Neergaard
21c0a54a6b
c8d: mark stargz as requiring reference-counted mounts
The stargz snapshotter cannot be re-mounted, so the reference-counted
path must be used.

Co-authored-by: Djordje Lukic <djordje.lukic@docker.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-06-20 12:59:13 -06:00
Sebastiaan van Stijn
66c497c5f1
Merge pull request #45738 from thaJeztah/dont_cancel_stop
don't cancel container stop when cancelling context
2023-06-20 17:01:53 +02:00
Akihiro Suda
3ecceafa32
Merge pull request #45776 from thaJeztah/update_buildx_0.11
Dockerfile: update buildx to v0.11.0
2023-06-20 22:49:33 +09:00
Sebastiaan van Stijn
4d831949a7
Dockerfile: update buildx to v0.11.0
Update the version of buildx we use in the dev-container to v0.11.0;
https://github.com/docker/buildx/releases/tag/v0.11.0

Full diff: https://github.com/docker/buildx/compare/v0.10.5..v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-20 12:34:21 +02:00
Sebastiaan van Stijn
fc94ed0a86
don't cancel container stop when cancelling context
Commit 90de570cfa passed through the request
context to daemon.ContainerStop(). As a result, cancelling the context would
cancel the "graceful" stop of the container, and would proceed with forcefully
killing the container.

This patch partially reverts the changes from 90de570cfa
and breaks the context to prevent cancelling the context from cancelling the stop.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-20 11:53:23 +02:00
Sebastiaan van Stijn
3fae7ea16f
Merge pull request #45769 from thaJeztah/fix_docker_py
testing: temporarily pin docker-py tests to use "bullseye"
2023-06-20 11:51:23 +02:00
Sebastiaan van Stijn
19d860fa9d
testing: temporarily pin docker-py tests to use "bullseye"
The official Python images on Docker Hub switched to debian bookworm,
which is now the current stable version of Debian.

However, the location of the apt repository config file changed, which
causes the Dockerfile build to fail;

    Loaded image: emptyfs:latest
    Loaded image ID: sha256:0df1207206e5288f4a989a2f13d1f5b3c4e70467702c1d5d21dfc9f002b7bd43
    INFO: Building docker-sdk-python3:5.0.3...
    tests/Dockerfile:6
    --------------------
       5 |     ARG APT_MIRROR
       6 | >>> RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
       7 | >>>     && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
       8 |
    --------------------
    ERROR: failed to solve: process "/bin/sh -c sed -ri \"s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g\" /etc/apt/sources.list     && sed -ri \"s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g\" /etc/apt/sources.list" did not complete successfully: exit code: 2

This needs to be fixed in docker-py, but in the meantime, we can pin to
the bullseye variant.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-20 10:48:42 +02:00
Tonis Tiigi
cfa08f8366
builder-next: enable OTLP tracing for history records
This enables picking up OTLP tracing context for the gRPC
requests.

Also sets up the in-memory recorder that BuildKit History API
can use to store the traces associated with specific build
in a database after build completes.

This doesn't enable Jaeger tracing endpoints from env
but this can be easily enabled by adding another import if
maintainers want it.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-06-15 18:40:24 -07:00
Sebastiaan van Stijn
97455cc31f
Merge pull request #45504 from tianon/oci-history-master
Use OCI "History" type instead of inventing our own copy
2023-06-15 15:27:43 +02:00
Sebastiaan van Stijn
d2e7a6e799
Merge pull request #45744 from thaJeztah/update_go_1.20.5
update go to go1.20.5
2023-06-14 22:19:55 +02:00
Sebastiaan van Stijn
98a44bb18e
update go to go1.20.5
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and
runtime packages, as well as bug fixes to the compiler, the go command, the
runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.4...go1.20.5

These minor releases include 3 security fixes following the security policy:

- cmd/go: cgo code injection
  The go command may generate unexpected code at build time when using cgo. This
  may result in unexpected behavior when running a go program which uses cgo.

  This may occur when running an untrusted module which contains directories with
  newline characters in their names. Modules which are retrieved using the go command,
  i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e.
  GO111MODULE=off, may be affected).

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.

- runtime: unexpected behavior of setuid/setgid binaries

  The Go runtime didn't act any differently when a binary had the setuid/setgid
  bit set. On Unix platforms, if a setuid/setgid binary was executed with standard
  I/O file descriptors closed, opening any files could result in unexpected
  content being read/written with elevated prilieges. Similarly if a setuid/setgid
  program was terminated, either via panic or signal, it could leak the contents
  of its registers.

  Thanks to Vincent Dehors from Synacktiv for reporting this issue.

  This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.

- cmd/go: improper sanitization of LDFLAGS

  The go command may execute arbitrary code at build time when using cgo. This may
  occur when running "go get" on a malicious module, or when running any other
  command which builds untrusted code. This is can by triggered by linker flags,
  specified via a "#cgo LDFLAGS" directive.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 12:47:05 +02:00
Sebastiaan van Stijn
a9788886e6
Merge pull request #45720 from ndeloof/copy_uidgid
fix `docker cp -a` failing to access `/` in container
2023-06-14 01:11:36 +02:00
Sebastiaan van Stijn
3ba67ee214
daemon: registerName(): don't reserve name twice
daemon.generateNewName() already reserves the generated name, but its name
did not indicate it did. The daemon.registerName() assumed that the generated
name still had to be reserved, which could mean it would try to reserve the
same name again.

This patch renames daemon.generateNewName to daemon.generateAndReserveName
to make it clearer what it does, and updates registerName() to return early
if it successfully generated (and registered) the container name.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-13 13:33:33 +02:00
Tianon Gravi
2a6ff3c24f Use OCI "History" type instead of inventing our own copy
The most notable change here is that the OCI's type uses a pointer for `Created`, which we probably should've been too, so most of these changes are accounting for that (and embedding our `Equal` implementation in the one single place it was used).

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2023-06-12 13:47:17 -07:00
Sebastiaan van Stijn
4bef3e9ed3
Merge pull request #45729 from thaJeztah/remove_rootlesskit_dep
pkg/rootless: remove GetRootlessKitClient, and move to daemon
2023-06-12 14:58:42 +02:00
Sebastiaan van Stijn
59b5c6075f
pkg/rootless: remove GetRootlessKitClient, and move to daemon
This utility was only used in a single location (as part of `docker info`),
but the `pkg/rootless` package is imported in various locations, causing
rootlesskit to be a dependency for consumers of that package.

Move GetRootlessKitClient to the daemon code, which is the only location
it was used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 13:44:30 +02:00
Sebastiaan van Stijn
ed798d651a
Merge pull request #45704 from corhere/fix-zeroes-in-linux-resources
daemon: stop setting container resources to zero
2023-06-12 09:44:07 +02:00
Nicolas De Loof
3cc5d62f8a
run getent with a noop stdin
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-06-12 09:35:40 +02:00
Brian Goff
e1c92184f0
Merge pull request #44526 from crazy-max/rm-dockerfile-e2e
remove Dockerfile.e2e
2023-06-10 10:53:51 -07:00
Akihiro Suda
78cf11575d
Merge pull request #45677 from thaJeztah/client_useragent
client: add WithUserAgent() option
2023-06-10 16:29:13 +09:00
Sebastiaan van Stijn
32acecbf5e
Merge pull request #45721 from corhere/test-runtimeoptions-config
daemon: test runtimeoptions runtime options
2023-06-09 18:05:53 +02:00
Cory Snider
71589848a0 daemon: test runtimeoptions runtime options
For configured runtimes with a runtimeType other than
io.containerd.runc.v1, io.containerd.runc.v2 and
io.containerd.runhcs.v1, the only supported way to pass configuration is
through the generic containerd "runtimeoptions/v1".Options type. Add a
unit test case which verifies that the options set in the daemon config
are correctly unmarshaled into the daemon's in-memory runtime config,
and that the map keys for the daemon config align with the ones used
when configuring cri-containerd (PascalCase, not camelCase or
snake_case).

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-09 11:16:31 -04:00
Sebastiaan van Stijn
2b402ff8b7
Merge pull request #45706 from jg-public/rootlesskit-v1.1.1
Rootlesskit v1.1.1
2023-06-09 15:17:39 +02:00
Sebastiaan van Stijn
f139017bd0
Merge pull request #44598 from cpuguy83/save_tar_oci
image save: make output tarball OCI compliant
2023-06-09 14:50:51 +02:00
Sebastiaan van Stijn
a6048fc792
client: add WithUserAgent() option
When constructing the client, and setting the User-Agent, care must be
taken to apply the header in the right location, as custom headers can
be set in the CLI configuration, and merging these custom headers should
not override the User-Agent header.

This patch adds a dedicated `WithUserAgent()` option, which stores the
user-agent separate from other headers, centralizing the merging of
other headers, so that other parts of the (CLI) code don't have to be
concerned with merging them in the right order.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 09:59:29 +02:00
Jan Garcia
197b0b16e3 vendor: github.com/sirupsen/logrus v1.9.3
Signed-off-by: Jan Garcia <github-public@n-garcia.com>
2023-06-08 22:24:43 +02:00
Brian Goff
1f9eb9ab07
Merge pull request #45713 from AkihiroSuda/rro-services
daemon/cluster: convert new BindOptions
2023-06-08 11:30:34 -07:00
Brian Goff
c7d4f2afdb
Merge pull request #45698 from rumpl/feat-dockerd-mounts-rootfs
c8d: Use reference counting while mounting a snapshot
2023-06-08 10:46:16 -07:00
Akihiro Suda
038a361a91
daemon/cluster: convert new BindOptions
Convert CreateMountpoint, ReadOnlyNonRecursive, and ReadOnlyForceRecursive.

See moby/swarmkit PR 3134

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-06-08 10:17:04 +09:00
Akihiro Suda
d41d2c3751
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230607145746-36334ed1876
01bb7a4139...36334ed187

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-06-08 10:14:24 +09:00
Djordje Lukic
32d58144fd c8d: Use reference counting while mounting a snapshot
Some snapshotters (like overlayfs or zfs) can't mount the same
directories twice. For example if the same directroy is used as an upper
directory in two mounts the kernel will output this warning:

    overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.

And indeed accessing the files from both mounts will result in an "No
such file or directory" error.

This change introduces reference counts for the mounts, if a directory
is already mounted the mount interface will only increment the mount
counter and return the mount target effectively making sure that the
filesystem doesn't end up in an undefined behavior.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-06-07 15:50:01 +02:00
Cory Snider
8a094fe609 daemon: ensure OCI options play nicely together
Audit the OCI spec options used for Linux containers to ensure they are
less order-dependent. Ensure they don't assume that any pointer fields
are non-nil and that they don't unintentionally clobber mutations to the
spec applied by other options.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-06 13:10:05 -04:00
Cory Snider
dea870f4ea daemon: stop setting container resources to zero
Many of the fields in LinuxResources struct are pointers to scalars for
some reason, presumably to differentiate between set-to-zero and unset
when unmarshaling from JSON, despite zero being outside the acceptable
range for the corresponding kernel tunables. When creating the OCI spec
for a container, the daemon sets the container's OCI spec CPUShares and
BlkioWeight parameters to zero when the corresponding Docker container
configuration values are zero, signifying unset, despite the minimum
acceptable value for CPUShares being two, and BlkioWeight ten. This has
gone unnoticed as runC does not distingiush set-to-zero from unset as it
also uses zero internally to represent unset for those fields. However,
kata-containers v3.2.0-alpha.3 tries to apply the explicit-zero resource
parameters to the container, exactly as instructed, and fails loudly.
The OCI runtime-spec is silent on how the runtime should handle the case
when those parameters are explicitly set to out-of-range values and
kata's behaviour is not unreasonable, so the daemon must therefore be in
the wrong.

Translate unset values in the Docker container's resources HostConfig to
omit the corresponding fields in the container's OCI spec when starting
and updating a container in order to maximize compatibility with
runtimes.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-06 12:13:05 -04:00
Jan Garcia
8c4dfc9e6a vendor: github.com/rootless-containers/rootlesskit v1.1.1
Signed-off-by: Jan Garcia <github-public@n-garcia.com>
2023-06-06 09:26:32 +02:00
Jan Garcia
0b1c1877c5 update RootlessKit to v1.1.1
Signed-off-by: Jan Garcia <github-public@n-garcia.com>
2023-06-06 09:26:27 +02:00
Cory Snider
9ff169ccf4 daemon: modernize oci_linux_test.go
Switch to using t.TempDir() instead of rolling our own.

Clean up mounts leaked by the tests as otherwise the tests fail due to
the leaked mounts because unlike the old cleanup code, t.TempDir()
cleanup does not ignore errors from os.RemoveAll.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-06-05 18:30:30 -04:00
Bjorn Neergaard
1aae94074e
Merge pull request #45696 from neersighted/check_config_bpf_2
contrib/check-config: move xt_bpf check to overlay section
2023-06-05 14:03:03 -06:00
Sebastiaan van Stijn
ccfc2e5d8d
Merge pull request #45697 from vvoland/dockerfile-separate-cli-2
Dockerfile: Separate cli follow-up
2023-06-05 18:23:09 +02:00