Commit graph

46223 commits

Author SHA1 Message Date
Sebastiaan van Stijn
b07d2a3827
Merge pull request #45486 from thaJeztah/daemon_monitor_logclean
daemon: handleContainerExit(): use logrus.WithFields
2023-05-10 00:51:50 +02:00
Bjorn Neergaard
9e43c11480
AUTHORS: regenerate
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-05-09 15:14:50 -06:00
Bjorn Neergaard
5fee4439a0
.mailmap: update with my new email
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-05-09 15:14:40 -06:00
Sebastiaan van Stijn
563fc92dd4
Merge pull request #45496 from thaJeztah/pkg_aaparser_deprecate_version
pkg/aaparser: deprecate GetVersion, as it's no longer used
2023-05-09 19:18:39 +02:00
Sebastiaan van Stijn
b587c5a2f8
Merge pull request #45501 from laurazard/c8d-image-history
c8d: add image history
2023-05-09 18:46:44 +02:00
Laura Brehm
e8be792130
c8d: fix missing image history
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-05-09 16:19:05 +01:00
Sebastiaan van Stijn
e3e715666f
pkg/aaparser: deprecate GetVersion, as it's no longer used
Our templates no longer contain version-specific rules, so this function
is no longer used. This patch deprecates it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 16:47:03 +02:00
Sebastiaan van Stijn
06221297bf
Merge pull request #45495 from thaJeztah/apparmor_remove_version_code
profiles/apparmor: remove use of aaparser.GetVersion()
2023-05-09 16:46:32 +02:00
Sebastiaan van Stijn
a8b1ce2447
Merge pull request #45492 from thaJeztah/contrib_apparmor_remove_version
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
2023-05-09 16:46:08 +02:00
Jeyanthinath Muthuram
71d7908656
added alias validation
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 19:03:44 +05:30
Sebastiaan van Stijn
ecaab085db
profiles/apparmor: remove use of aaparser.GetVersion()
commit 7008a51449 removed version-conditional
rules from the template, so we no longer need the apparmor_parser Version.

This patch removes the call to `aaparser.GetVersion()`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-08 13:50:13 +02:00
Sebastiaan van Stijn
f445ee1e6c
contrib/apparmor: remove remaining version-conditionals (< 2.9) from template
Commit 2e19a4d56b removed all other version-
conditional statements from the AppArmor template, but left this one in place.

These conditions were added in 8cf89245f5
to account for old versions of debian/ubuntu (apparmor_parser < 2.9)
that lacked some options;

> This allows us to use the apparmor profile we have in contrib/apparmor/
> and solves the problems where certain functions are not apparent on older
> versions of apparmor_parser on debian/ubuntu.

Those patches were from 2015/2016, and all currently supported distro
versions should now have more current versions than that. Looking at the
oldest supported versions;

Ubuntu 18.04 "Bionic":

    apparmor_parser --version
    AppArmor parser version 2.12
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2012 Canonical Ltd.

Debian 10 "Buster"

    apparmor_parser --version
    AppArmor parser version 2.13.2
    Copyright (C) 1999-2008 Novell Inc.
    Copyright 2009-2018 Canonical Ltd.

This patch removes the remaining conditionals.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-08 13:17:59 +02:00
Jeyanthinath Muthuram
307b09e7eb
fixing consistent aliases for OCI spec imports
Signed-off-by: Jeyanthinath Muthuram <jeyanthinath10@gmail.com>
2023-05-08 15:27:52 +05:30
Sebastiaan van Stijn
c651a53558
Merge pull request #45488 from doringeman/dorin.geman/execDuration-in-containerExit
daemon: handleContainerExit(): add execDuration in attributes
2023-05-08 11:14:28 +02:00
Sebastiaan van Stijn
d9d9950d8d
Merge pull request #45482 from thaJeztah/docs_api_fix_missing_endpoint
docs/api: version-history: also mention /system/df for VirtualSize
2023-05-08 11:03:40 +02:00
Dorin Geman
2ad37e1832 daemon: handleContainerExit(): add execDuration in attributes
Add `execDuration` field to the event attributes map. This is useful for tracking how long the container ran.

Signed-off-by: Dorin Geman <dorin.geman@docker.com>
2023-05-08 10:26:33 +03:00
Laura Brehm
cad97135b3
c8d: implement missing image delete logic
Ports over all the previous image delete logic, such as:
- Introduce `prune` and `force` flags
- Introduce the concept of hard and soft image delete conflics, which represent:
  - image referenced in multiple tags (soft conflict)
  - image being used by a stopped container (soft conflict)
  - image being used by a running container (hard conflict)
- Implement delete logic such as:
  - if deleting by reference, and there are other references to the same image, just
    delete the passed reference
  - if deleting by reference, and there is only 1 reference and the image is being used
    by a running container, throw an error if !force, or delete the reference and create
    a dangling reference otherwise
  - if deleting by imageID, and force is true, remove all tags (otherwise soft conflict)
  - if imageID, check if stopped container is using the image (soft conflict), and
    delete anyway if force
  - if imageID was passed in, check if running container is using the image (hard conflict)
  - if `prune` is true, and the image being deleted has dangling parents, remove them

This commit also implements logic to get image parents in c8d by comparing shared layers.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-05-08 02:32:03 +01:00
Sebastiaan van Stijn
de363f1404
daemon: handleContainerExit(): use logrus.WithFields
Use `WithFields()` instead of chaining multiple `WithField()` calls.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-07 21:24:34 +02:00
Sebastiaan van Stijn
fb96b94ed0
daemon: remove handling for deprecated "oom-score-adjust", and produce error
This option was deprecated in 5a922dc162, which
is part of the v24.0.0 release, so we can remove it from master.

This patch;

- adds a check to ValidatePlatformConfig, and produces a fatal error
  if oom-score-adjust is set
- removes the deprecated libcontainerd/supervisor.WithOOMScore
- removes the warning from docker info

With this patch:

    dockerd --oom-score-adjust=-500 --validate
    Flag --oom-score-adjust has been deprecated, and will be removed in the next release.
    unable to configure the Docker daemon with file /etc/docker/daemon.json: merged configuration validation from file and command line flags failed: DEPRECATED: The "oom-score-adjust" config parameter and the dockerd "--oom-score-adjust" options have been removed.

And when using `daemon.json`:

    dockerd --validate
    unable to configure the Docker daemon with file /etc/docker/daemon.json: merged configuration validation from file and command line flags failed: DEPRECATED: The "oom-score-adjust" config parameter and the dockerd "--oom-score-adjust" options have been removed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
316781be48
api/types/container: remove deprecated ContainerChangeResponseItem
This was deprecated in dbb48e4b29, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
9c14f98583
api/types: remove deprecated AuthConfig
This was deprecated in 818ee96219, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
55608d8381
pkg/system: remove deprecated IsProcessAlive, IsProcessZombie, KillProcess
These were deprecated in 9d5e754caa, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
a3b12ec420
pkg/system: remove deprecated DefaultPathEnv()
This was deprecated in 9f3e5eead5, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
dc76b90705
pkg/system: remove deprecated MemInfo, ReadMemInfo()
These were deprecated in 2d49080056, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:17 +02:00
Sebastiaan van Stijn
7d0488b11e
pkg/ioutils: remove deprecated TempDir() alias
This function was deprecated in c63ea32a17, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:16 +02:00
Sebastiaan van Stijn
152c482fee
pkg/platform: remove deprecated OSType const
This const was deprecated in 5c78cbd3be, which
is part of the v24.0.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:36:16 +02:00
Sebastiaan van Stijn
913b0f51ca
API: omit deprecated VirtualSize field for API v1.44 and up
This field is deprecated since 1261fe69a3,
and will now be omitted on API v1.44 and up for the `GET /images/json`,
`GET /images/{id}/json`, and `GET /system/df`  endpoints.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:35:00 +02:00
Sebastiaan van Stijn
fdc7a78652
docs/api: version-history: also mention /system/df for VirtualSize
Commit 1261fe69a3 deprecated the VirtualSize
field, but forgot to mention that it's also included in the /system/df
endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 16:28:37 +02:00
Sebastiaan van Stijn
88f4bf4ae4
Merge pull request #45468 from thaJeztah/bump_api_1.44
API: bump version to 1.44
2023-05-06 15:10:59 +02:00
Sebastiaan van Stijn
fd0b109bf7
API: bump version to 1.44
The 24.0 branch was created, so changes in master/main should now be
targeting the next version of the API (1.44).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 01:41:49 +02:00
Sebastiaan van Stijn
8d9a40a820
Merge pull request #45467 from thaJeztah/sync_api_docs
api: synchronize api/swagger.yaml with docs/api/v1.43.yaml
2023-05-06 00:24:07 +02:00
Tianon Gravi
acce6043e0
Merge pull request #45476 from thaJeztah/vendor_containerd_1.6.21
vendor: github.com/containerd/containerd v1.6.21
2023-05-05 20:54:33 +00:00
Sebastiaan van Stijn
a87313497b
vendor: github.com/containerd/containerd v1.6.21
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.21

Notable Updates

- update runc binary to v1.1.7
- Remove entry for container from container store on error
- oci: partially restore comment on read-only mounts for uid/gid uses
- windows: Add ArgsEscaped support for CRI
- oci: Use WithReadonlyTempMount when adding users/groups
- archive: consistently respect value of WithSkipDockerManifest

full diff: https://github.com/containerd/containerd/compare/c0efc63d3907...v1.6.21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 19:52:17 +02:00
zhangguanzhang
43b1afb2cf make chownComment easy to read
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
2023-05-05 19:22:49 +08:00
Sebastiaan van Stijn
5f36d4af15
api: synchronize api/swagger.yaml with docs/api/v1.43.yaml
- forward-port changes from 0ffaa6c785 to api/swagger.yaml (v1.44-dev)
- backports the changes to v1.43;
  - Update container OOMKilled flag immediately 57d2d6ef62
  - Add no-new-privileges to SecurityOptions returned by /info eb7738221c
  - API: deprecate VirtualSize field for /images/json and /images/{id}/json 1261fe69a3
  - api/types/container: create type for changes endpoint dbb48e4b29
  - builder-next/prune: Handle "until" filter timestamps 54a125f677

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 01:10:20 +02:00
Brian Goff
698fa85f38
Merge pull request #45463 from corhere/copy-xattr-notsupp
d/graphdriver/copy: support src fs w/o xattr support
2023-05-04 12:00:50 -07:00
Sebastiaan van Stijn
8a4b095a94
Merge pull request #45353 from thaJeztah/api_container_change_type
api/types/container: create type for changes endpoint
2023-05-04 19:48:40 +02:00
Sebastiaan van Stijn
0e8eea5a70
Merge pull request #45338 from thaJeztah/split_securityoptions
container: split security options to a SecurityOptions struct
2023-05-04 19:47:24 +02:00
Cory Snider
2b6761fd3e d/graphdriver/copy: support src fs w/o xattr support
Treat copying extended attributes from a source filesystem which does
not support extended attributes as a no-op, same as if the file did not
possess the extended attribute. Only fail copying extended attributes if
the source file has the attribute and the destination filesystem does
not support xattrs.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-05-04 12:30:59 -04:00
Sebastiaan van Stijn
7d7749ee47
Merge pull request #45429 from thaJeztah/libnetwork_cleanup_buildtags_and_stubs
libnetwork: remove redundant init(), remove dead code, and fix stubs / build-tags
2023-05-04 17:48:15 +02:00
Sebastiaan van Stijn
5c052e6c04
Merge pull request #45456 from thaJeztah/update_go1.20.4
update go to go1.20.4
2023-05-04 15:27:53 +02:00
Sebastiaan van Stijn
506b86773d
Merge pull request #45442 from thaJeztah/jsonmessage_refactor
pkg/jsonmessage: JSONMessage.Display(): remove special case for 401 errors
2023-05-04 14:59:48 +02:00
Sebastiaan van Stijn
3e6092f5b2
pkg/jsonmessage: touch-up GoDoc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:11 +02:00
Sebastiaan van Stijn
05cb0e5a7d
pkg/jsonmessage: JSONProgress.String(), JSONProgress.now(): simplify
- inline an intermediate variable
- remove a redundant intermediate function

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:10 +02:00
Sebastiaan van Stijn
4cadee65b3
pkg/jsonmessage: JSONMessage.Display(): remove special case for 401 errors
This special case was added in 3043c26419 as
a sentinel error (`AuthRequiredError`) to check whether authentication
is required (and to prompt the users to authenticate). A later refactor
(946bbee39a) removed the `AuthRequiredError`,
but kept the error-message and logic.

Starting with fcee6056dc, it looks like we
no longer depend on this specific error, so we can return the registry's
error message instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-04 13:46:10 +02:00
Sebastiaan van Stijn
2adec6c8c0
Merge pull request #45438 from thaJeztah/c8d_fix_image_commit
c8d: commit: generateCommitImageConfig: don't merge image config
2023-05-04 11:28:43 +02:00
Sebastiaan van Stijn
66cf0e3f55
client: slightly improve ContainerDiff tests
- use gotest.tools for asserting
- check result returned

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:25:07 +02:00
Sebastiaan van Stijn
dbb48e4b29
api/types/container: create type for changes endpoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 21:23:42 +02:00
Sebastiaan van Stijn
b7e8868235
update go to go1.20.4
go1.20.4 (released 2023-05-02) includes three security fixes to the html/template
package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle,
crypto/tls, net/http, and syscall packages. See the Go 1.20.4 milestone on our
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved

release notes: https://go.dev/doc/devel/release#go1.20.4
full diff: https://github.com/golang/go/compare/go1.20.3...go1.20.4

from the announcement:

> These minor releases include 3 security fixes following the security policy:
>
> - html/template: improper sanitization of CSS values
>
>   Angle brackets (`<>`) were not considered dangerous characters when inserted
>   into CSS contexts. Templates containing multiple actions separated by a '/'
>   character could result in unexpectedly closing the CSS context and allowing
>   for injection of unexpected HMTL, if executed with untrusted input.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
>
> - html/template: improper handling of JavaScript whitespace
>
>   Not all valid JavaScript whitespace characters were considered to be
>   whitespace. Templates containing whitespace characters outside of the character
>   set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain
>   actions may not be properly sanitized during execution.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24540 and Go issue https://go.dev/issue/59721.
>
> - html/template: improper handling of empty HTML attributes
>
>   Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}")
>   executed with empty input could result in output that would have unexpected
>   results when parsed due to HTML normalization rules. This may allow injection
>   of arbitrary attributes into tags.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-29400 and Go issue https://go.dev/issue/59722.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-03 20:42:33 +02:00
Sebastiaan van Stijn
1c2d8c8663
Merge pull request #45441 from thaJeztah/vendor_runtime_spec_v1.1.0-rc.2
vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2
2023-05-03 02:45:06 +02:00