This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `—-privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 3f81b49352)
this bumps the containerd binary in the Dockerfiles
for 1.11.0-rc4, to include https://github.com/docker/containerd/pull/184
NOTE: the hack/vendor.sh commit is NOT updated in this
patch; there's no reason to update containerd there
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes fixes for;
- outputing errors for missing seccomp options on seccomp versions < 2.3
- cap set apply EPERM errors on ARM systems
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 752b31d3fe)
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.
Fixes 21475
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
(cherry picked from commit 7ed3d265a4)
This reverts commit e6d3a9849c, reversing
changes made to d3afe34b51.
Signed-off-by: cyli <cyli@twistedmatrix.com>
(cherry picked from commit dd33d18045)
Contains fixes for:
- pid.max fix that is causing hang on network stats test.
- fix for early stdin close containerd-shim
- better logging for `could not synchronise with container process`
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 22d997b374)
Removes the seccomp buildtag when building runc.
Because seccomp isn't currently being built, this would cause
the build to fail.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
(cherry picked from commit 2caf09d37b)
Now that we are using gc/go 1.6, update a few hashes as well
as actually building the notary binary
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Fixes broken-pipe issue when piping s3cmd to grep -q, by removing the -q
flag and redirecting to /dev/null instead.
Add net-tools for ifconfig, because some tests rely on ifconfig.
Harmonize all Dockerfiles in this direction.
Signed-off-by: Tibor Vass <tibor@docker.com>
This results in a significant time savings during repeated builds (since we don't have to re-download gcc for every test run).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
ppc64le now installs the second registry used for
f11b6a2ab3
Also, removed notary until the change to go 1.5.1+
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
