docker is trying to set system.posix_acl_access but using BTRFS this fails if
CONFIG_BTRFS_FS_POSIX_ACL is not activated.
Signed-off-by: Andrei Gherzan <andrei@resin.io>
Upstream-commit: 1c886a70df9820e58caa14789d9ad37c366026d9
Component: engine
TMPDIR was changed to DOCKER_TMPDIR in pull request 7113 but the file still asks user to set TMPDIR.
I am new to docker and wasted sometime this morning because of this.
I am using docker version 1.12.1 on ubuntu server 14.04
Signed-off-by: Neyazul Haque <nuhaque@gmail.com>
Upstream-commit: 10cebd4c741cd9e0762227148795c4ce02317579
Component: engine
This PR adds the ability to make docker debs for xenial on power
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 64881dc331f1f0ff861eb82bb05eef63d6693a67
Component: engine
This is to update the zsh and bash completion script for
23367.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7fd2c809622e66bb3157fbf1ab797152636a2df5
Component: engine
`--log-opt splunk-format=inline|json|raw` allows to change how logging
driver sends data to Splunk, where
`inline` - default value, format used before, message is injected as a
line in JSON payload
`json` - driver will try to parse each line as a JSON object and embed it
inside of the JSON payload
`raw` - driver will send Raw payload instead of JSON, tag and attributes
will be prefixed before the message
`--log-opt splunk-verify-connection=true|false` - allows to skip
verification for Splunk Url
Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
Upstream-commit: 603fd0831513257bc26d20ca1f64efcc4965eae6
Component: engine
added the firewalld.service symbol in the After line docker
will always start after firewalld, thus eliminating the issue
of firewall blocking all mapped traffic.
Signed-off-by: Ramon Brooker <Ramon.Brooker@imaginecommunications.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 73e08286f920881a431fa7befd3909e72303680b
Component: engine
With the latest OL7.2, selinux policy that is shipped
might not be the latest for it to work or build with
selinux policy for docker-1.12.
To be able to achieve that here is what is done:
1. Added systemd_machined policy which is part of systemd.
2. Temporarily comment out unconfined_typebounds because the
current OL7's selinux doesn't have unconfineduser selinux policy,
to include this will be too much. Will revisit this once we have
updated the selinux policy.
Fixes: #24612
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
Upstream-commit: d6cae872c704c6cf36ee7d5c9b472e33280af202
Component: engine
This change allows btrfs subvolumes to be found in additional system
configurations. The old logic failed to correctly identify subvolumes
when the root fs was mounted as a subvolume that was not the btrfs
filesystem root.
Signed-off-by: Adam Mills <adam@armills.info>
Upstream-commit: c3aa75c5a73bed12f44d863618cabef780f5f5bd
Component: engine
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 32b1f26c5111b22fe4277879c4f5e4687a6a72fc
Component: engine
Otherwise the while loop waits forever, checking for
a filename made up of all the names.
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Upstream-commit: 68dab9bd0910e22c96d5dfcbd4e972f8ce770a88
Component: engine
Add a test that the default seccomp profile allows execution of 32 bit binaries
Upstream-commit: 8a8a63aa32a60e12b3c4d8e9e3397a8bd3b96d54
Component: engine
