Specifically, none of the graphdrivers are supposed to return a
not-exist type of error on remove (or at least that's how they are
currently handled).
Found that AUFS still had one case where a not-exist error could escape,
when checking if the directory is mounted we call a `Statfs` on the
path.
This fixes AUFS to not return an error in this case, but also
double-checks at the daemon level on layer remove that the error is not
a `not-exist` type of error.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
There really is no reason why anyone should create content in /dev
other then device nodes. Limiting it size to the 64 k size limit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This adds the new `CreatedAt` field to the API version history
and updates some examples to show this information.
The `CreatedAt` field was implemented in a46f757c40
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Having a map per log entry seemed heavier than necessary. These
attributes end up being sorted and serialized, so storing them in a map
doesn't add anything (there's no random access element). In SwarmKit,
they originate as a slice, so there's an unnecessary conversion to a map
and back.
This also fixes the sort comparator, which used to inefficiently split
the string on each comparison.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Steps to reproduce:
```
# docker run -tid --name aaa ubuntu
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
# docker run -tid --name bbb --link aaa ubuntu
23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471
# docker ps --no-trunc
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
23ad18362950f39b638206ab4d1885fd4f50cbd1d16aac9cab8e97e0c8363471
ubuntu "/bin/bash" 4 seconds ago Up 3 seconds
bbb
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
ubuntu "/bin/bash" 14 seconds ago Up 14
seconds aaa,bbb/aaa
# docker rm -f bbb
bbb
# docker ps --no-trunc
CONTAINER ID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
57bfd00ac5559f72eec8c1b32a01fe38427d66687940f74611e65137414f0ada
ubuntu "/bin/bash" 29 seconds ago Up 28
seconds aaa,bbb/aaa
# docker rm --link bbb/aaa
Error response from daemon: Cannot get parent /bbb for name /bbb/aaa
```
When we rm container `bbb`, we can still see `bbb/aaa` in `docker ps
--no-trunc`. And this link cannot be deleted since container `bbb` has
already been removed.
We should remove links of a container when it is deleted.
Signed-off-by: Yuanhong Peng <pengyuanhong@huawei.com>
I am getting the following warning from gcc when compiling the daemon:
> # github.com/docker/docker/pkg/devicemapper
> pkg/devicemapper/devmapper_wrapper.go: In function ‘log_cb’:
> pkg/devicemapper/devmapper_wrapper.go:20:2: warning: ignoring return
> value of ‘vasprintf’, declared with attribute warn_unused_result
> [-Wunused-result]
> vasprintf(&buffer, f, ap);
> ^
vasprintf(3) man page says if the function returns -1, the buffer is
undefined, so we should not use it. In practice, I assume, this never
happens so we just return.
Introduced by https://github.com/moby/moby/pull/33845 that resulted in
commit 63328c6 ("devicemapper: remove 256 character limit of libdm logs")
Cc: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Makes sure that debug endpoints are always available, which will aid in
debugging demon issues.
Wraps debug endpoints in the middleware chain so the can be blocked by
authz.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Also remove the test flag from pkg/term and jsut checkuid directly.
Fixed a problem with a pkg/term test that was leaving the terminal in a bad
state.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Use IoctlGetInt/IoctlSetInt from golang.org/x/sys/unix (where
applicable) instead of manually reimplementing them.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Use IoctlGetTermios/IoctlSetTermios from golang.org/x/sys/unix instead
of manually reimplementing them.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
This commit extends SwarmKit secret management with pluggable secret
backends support.
Updating the work in
[swarmkit](docker/swarmkit@eebac27434) for
pluggable secret backend and adding the
driver parameter to `SecretSpec`.
Remaining work:
- [ ] CLI support (docker/cli)
- [ ] api in [plugin helpers](docker/go-plugins-helpers))
- [ ] Reference plugin
- [ ] Documenation (after cli work)
Signed-off-by: Liron Levin <liron@twistlock.com>
Use the (new) plugin fixtures for plugin tests rather than pulling
plugins from hub.
This removes the restriction for platforms/archs since plugin binaries
get built in the test environment.
Future work would be to add test plugins for the various subsystems so
tests that are actually using plugins (e.g. volumes, networks) can be
ported to use the fixtures as well.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
With docker-17.06.0 some images pulled do not extract properly. Some files don't appear in correct directories. This may or may not cause the pull to fail. These images can't be pushed or saved. 17.06 is the first version of Docker built with go1.8.
Cause
There are multiple updates to the tar package in go1.8.
https://go-review.googlesource.com/c/32234/ disables using "prefix" field when new tar archives are being written. Prefix field was previously set when a record in the archive used a path longer than 100 bytes.
Another change https://go-review.googlesource.com/c/31444/ makes the reader ignore the "prefix" field value if the record is in GNU format. GNU format defines that same area should be used for access and modified times. If the "prefix" field is not read, a file will only be extracted by the basename.
The problem is that with a previous version of the golang archive package headers could be written, that use the prefix field while at the same time setting the header format to GNU. This happens when numeric fields are big enough that they can not be written as octal strings and need to be written in binary. Usually, this shouldn't happen: uid, gid, devmajor, devminor can use up to 7 bytes, size and timestamp can use 11. If one of the records does overflow it switches the whole writer to GNU mode and all next files will be saved in GNU format.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
