This test case is checking that the built-in default size for /dev/shm
(which is used for `--ipcmode` being `private` or `shareable`)
is not overriding the size of user-defined tmpfs mount for /dev/shm.
In other words, this is a regression test case for issue #35271,
https://github.com/moby/moby/issues/35271
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 2e0a98b605fa278ee1f348c68fe7e07aed57b834
Component: engine
While this code was likely called from a single thread before, we have
now seen panics, indicating that it could be called in parallel. This
change adds a mutex to protect opening and closing of the channel. There
may be another root cause associated with this panic, such as something
that led to the calling of this in parallel, as this code is old and we
had seen this condition until recently.
This fix is by no means a permanent fix. Typically, bugs like this
indicate misplaced channel ownership. In idiomatic uses, the channel
should have a particular "owner" that coordinates sending and closure.
In this case, the owner of the channel is unclear, so it gets opened
lazily. Synchronizing this access is a decent solution, but a refactor
may yield better results.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 5b55747a523671fa6e626848060460a48d058451
Component: engine
Updates runc to b2567b37d7b75eb4cf325b77297b140ea686ce8f which removes
some cross-repo dependencies.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: af248a3fe087805907e4b69ab017ef60d44ce093
Component: engine
Commit 7120976d74195 ("Implement none, private, and shareable ipc
modes") introduces a bug: if a user-specified mount for /dev/shm
is provided, its size is overriden by value of ShmSize.
A reproducer is simple:
docker run --rm
--mount type=tmpfs,dst=/dev/shm,tmpfs-size=100K \
alpine df /dev/shm
This commit is an attempt to fix the bug, as well as optimize things
a but and make the code easier to read.
https://github.com/moby/moby/issues/35271
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Upstream-commit: 31d30a985d99a0eef92116a22159727f5c332784
Component: engine
Support for duplicate labels (but different values) was
deprecated in commit e4c9079d091a2eeac8a74a0356e3f348db873b87
(Docker 1.13), and scheduled for removal in 17.12
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 8c6322338c91cdb88b1fef4def393d9a7b670366
Component: engine
`scope`=<string> local or swarm had special character, which was breaking the Swagger UI
Signed-off-by: Jeeva S. Chelladhurai <sjeeva@gmail.com>
Upstream-commit: a21654c34b741656582b09e09127821311909dcd
Component: engine
In order to avoid reverting our fix for mount leakage in devicemapper,
add a test which checks that devicemapper's Get() and Put() cycle can
survive having a command running in an rprivate mount propagation setup
in-between. While this is quite rudimentary, it should be sufficient.
We have to skip this test for pre-3.18 kernels.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 1af8ea681fba1935c60c11edbbe19b894c9b286f
Component: engine
To ensure that we don't revert CVE-2017-14992, add a test that is quite
similar to that upstream tar-split test (create an empty archive with
lots of junk and make sure the daemon doesn't crash).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 0a13f827a10d3bf61744d9b3f7165c5885a39c5d
Component: engine
This helper acts like /dev/zero (outputs \x00 indefinitely) in an
OS-independent fashion. This ensures we don't need to special-case
around Windows in tests that want to open /dev/zero.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: 2f8d3e1c33f77187c68893803018756d43daff15
Component: engine
Update to the latest version of tar-split, which includes a change to
fix a memory exhaustion issue where a malformed image could cause the
Docker daemon to crash.
* tar: asm: store padding in chunks to avoid memory exhaustion
Fixes: CVE-2017-14992
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: e0ff7cccc3cac73da41ec9ef007b0e4e97c55d01
Component: engine
This patch adds the capability for the VFS graphdriver to use
XFS project quotas. It reuses the existing quota management
code that was created by overlay2 on XFS.
It doesn't rely on a filesystem whitelist, but instead
the quota-capability detection code.
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Upstream-commit: 7a1618ced359a3ac921d8a05903d62f544ff17d0
Component: engine
This allows much of the read logic to be shared for other things,
especially for the new log driver proposed in
https://github.com/moby/moby/issues/33475
The only logic for reads in the json logger is around decoding log
messages, which gets passed into the log file object.
This also helps with implementing compression as it allows us to
simplify locking strategies.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 16f7cd674902b69b97692de2a83915a1a6be2cdb
Component: engine
Make the `*RotateFileWriter` specifically about writing
`logger.Message`'s, which is what it's used for.
This allows for future changes where the log writer can cache details
about log entries such as (e.g.) the timestamps included in a particular
log file, which can be used to optimize reads.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 52d82b4fbc9f0fe00f63e2df9a3d2a49d4095bda
Component: engine
