Note - only support the non-detached mode of exec right now.
Another PR will add -d support.
Closes#8703
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 90928eb1140fc0394e2a79d5e9a91dbc0f02484c
Component: engine
These settings need to be in the HostConfig so that they are not
committed to an image and cannot introduce a security issue.
We can safely move this field from the Config to the HostConfig
without any regressions because these settings are consumed at container
created and used to populate fields on the Container struct. Because of
this, existing settings will be honored for containers already created
on a daemon with custom security settings and prevent values being
consumed via an Image.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Conflicts:
daemon/create.go
changing config to hostConfig was required to fix the
build
Upstream-commit: 294843ef23fcff3c080d9fbd12df17ae7006a9f8
Component: engine
Adds pertitent information about what is expected in the json payload
and comments out unsupported (exec) features in runConfig.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: d4ba00bd4237ebf6e8016a350d95cc060e5e8a05
Component: engine
Next steps, in another PR, would be:
- make all logging go through the logrus stuff
- I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see
Closes#5198
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 2facc0467336a80f48c765dbdbd803055a431aa9
Component: engine
TreeSize uses syscall.Stat_t which is not available on Windows.
It's called only on daemon path, therefore extracting it to daemon
with build tag 'daemon'
Signed-off-by: Ahmet Alp Balkan <ahmetb@microsoft.com>
Upstream-commit: b64c9b521ab4e4082ed874a23a493f4a266304d5
Component: engine
be default it is on, with build tags to disable the version info
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 25154682a5cd57aa4fc3ef88baeee3ce1f204060
Component: engine
Fixes#1171Fixes#6465
Data passed to mount(2) is clipped to PAGE_SIZE if its bigger. Previous
implementation checked if error was returned and then started to append layers
one by one. But if the PAGE_SIZE clipping appeared in between the paths, in the
permission sections or in xino definition the call would not error and
remaining layers would just be skipped(or some other unknown situation).
This also optimizes system calls as it tries to mount as much as possible with
the first mount.
Signed-off-by: Tõnis Tiigi <tonistiigi@gmail.com> (github: tonistiigi)
Upstream-commit: 6d97339ca23ada27812572016ad4ff9ccffa8b09
Component: engine
The argument ifaceName was removed in a much earlier commit.
Signed-off-by: Sami Wagiaalla <swagiaal@redhat.com>
Upstream-commit: a01f1e707eb682ec60d489a4171d2c82de79ee57
Component: engine
Some workloads rely on IPC for communications with other processes. We
would like to split workloads between two container but still allow them
to communicate though shared IPC.
This patch mimics the --net code to allow --ipc=host to not split off
the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers
If you share IPC between containers, then you need to make sure SELinux labels
match.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 497fc8876ede9924f61c0eee4dfadd71e5d9f537
Component: engine
Took care of some review comments from crosbymichael.
v2:
- Return "err = nil" if file deviceset-metadata file does not exist.
- Use json.Decoder() interface for loading deviceset metadata.
v3:
- Reverted back to json marshal interface in loadDeviceSetMetaData().
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 15c74bebc1ea2d51612b5809b4477551547a8b3d
Component: engine
