This fix tries to fix the issue raised in 25863 where `--ip` value
is not validated for `docker create`. As a result, the IP address
passed by `--ip` is not used for `docker create` (ignored silently).
This fix adds validation in the daemon so that `--ip` and `--ip6`
are properly validated for `docker create`.
An integration test has been added to cover the changes.
This fix fixes 25863.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c7045eb93523df76feb9f3e00540e69471a1855e
Component: engine
Support args to RunCommand
Fix docker help text test.
Fix for ipv6 tests.
Fix TLSverify option.
Fix TestDaemonDiscoveryBackendConfigReload
Use tempfile for another test.
Restore missing flag.
Fix tests for removal of shlex.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 6e7405ebd4df360bc84f651c977ece31283eb3ee
Component: engine
Also consolidate the leftover packages under cli.
Remove pkg/mflag.
Make manpage generation work with new cobra layout.
Remove remaining mflag and fix tests after rebase with master.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 14712f9ff0d20a3b64a60103608b8cc998909242
Component: engine
Cleanup cobra integration
Update windows files for cobra and pflags
Cleanup SetupRootcmd, and remove unnecessary SetFlagErrorFunc.
Use cobra command traversal
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: 31bf9ca0c8cf29c1ba6cdc044e81c574161a0392
Component: engine
Syslog Driver: RFC 5425 Message Framing should be used only when protocol is TCP+TLS
Upstream-commit: 15f3d060ace45384ed5f549eecf2bc8919a82f7f
Component: engine
Warn the user and fail daemon start if the graphdir path has any
elements which will deny access to the remapped root uid/gid.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 43a1df6be2fa0c76b521680bbd5dc84db2cfd898
Component: engine
No user of GetNetworkDriverList needs to access the map by key.
The only user of GetNetworkDriverList is in docker info and with a map
the network list is always flipping because loop is not deterministic.
Fix this by returning a string slice which instead is.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 7ca635a1ec2962358a5f7d3c021faca83ff5e55f
Component: engine
This fix tries to address the issue in 25000 where `docker stats`
will not show network stats with `NetworkDisabled=true`.
The `NetworkDisabled=true` could be either invoked through
remote API, or through `docker daemon -b none`.
The issue was that when `NetworkDisabled=true` either by API or
by daemon config, there is no SandboxKey for container so an error
will be returned.
This fix fixes this issue by skipping obtaining SandboxKey if
`NetworkDisabled=true`.
Additional test has bee added to cover the changes.
This fix fixes 25000.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 7bb9c5397e69866fcb1142cda430b842a710f751
Component: engine
In the common case where the user is using /var/lib/docker and
an image with less than 60 layers, forking is not needed. Calculate
whether absolute paths can be used and avoid forking to mount in
those cases.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: c13a985fa1196a5ed782d5ac68a4bbb68dd529ca
Component: engine
It makes little sense to have swarm related code into the daemon
package. This refactor the `daemon` and `cluster` package to remove
`ListContainersForNode` from the daemon.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 4833b3c961f84555c67418440405e470123919c6
Component: engine
Introducing methods to make the intent of the condition clearer to the
eyes of the reader 👼.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 82a451bc94729b0dc2cc0ca94be60de70154f1c2
Component: engine
This fix tries to address the issue in raised #23367 where an out-of-band
volume driver deletion leaves some data in docker. This prevent the
reuse of deleted volume names (by out-of-band volume driver like flocker).
This fix adds a `--force` field in `docker volume rm` to forcefully purge
the data of the volume that has already been deleted.
Related documentations have been updated.
This fix is tested manually with flocker, as is specified in #23367.
An integration test has also been added for the scenario described.
This fix fixes#23367.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 6c5c34d50d377d1c5318a255240fb2dc9c23cf92
Component: engine
`--log-opt splunk-format=inline|json|raw` allows to change how logging
driver sends data to Splunk, where
`inline` - default value, format used before, message is injected as a
line in JSON payload
`json` - driver will try to parse each line as a JSON object and embed it
inside of the JSON payload
`raw` - driver will send Raw payload instead of JSON, tag and attributes
will be prefixed before the message
`--log-opt splunk-verify-connection=true|false` - allows to skip
verification for Splunk Url
Signed-off-by: Denis Gladkikh <denis@gladkikh.email>
Upstream-commit: 603fd0831513257bc26d20ca1f64efcc4965eae6
Component: engine
fixes#25766
If a container's AutoRemove is enabled, client will wait until it's
removed after container exits, this is implemented based on "destroy"
event.
Currently an "AutoRemove" container will report "destroy" event to
notify a hanging client to exit before all volumes are removed, this is
wrong, we should wait container until everything is cleaned up.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Upstream-commit: 4df77c11e065bf96b04fc0328a7e7600a2e64937
Component: engine
It is safe to set other namespaces to host when user ns is set to host
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: 3c3d2bf85229f9ca4879a24072762477e96c4344
Component: engine
Fixes a race where the log reader would get events for both an actual
rotation as we from fsnotify (`fsnotify.Rename`).
This issue becomes extremely apparent when rotations are fast, for
example:
```
$ docker run -d --name test --log-opt max-size=1 --log-opt max-file=2
busybox sh -c 'while true; do echo hello; usleep 100000; done'
```
With this change the log reader for jsonlogs can handle rotations that
happen as above.
Instead of listening for both fs events AND rotation events
simultaneously, potentially meaning we see 2 rotations for only a single
rotation due to channel buffering, only listen for fs events (like
`Rename`) and then wait to be notified about rotation by the logger.
This makes sure that we don't see 2 rotations for 1, and that we don't
start trying to read until the logger is actually ready for us to.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: 84e60a7e10278e3acd2b783d0e6955dc5198b57c
Component: engine
If we are running in a user namespace, don't try to mknod as
it won't be allowed. libcontainer will bind-mount the host's
devices over files in the container anyway, so it's not needed.
The chrootarchive package does a chroot (without mounting /proc) before
its work, so we cannot check /proc/self/uid_map when we need to. So
compute it in advance and pass it along with the tar options.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Upstream-commit: 617c352e9225b1d598e893aa5f89a8863808e4f2
Component: engine
During image pulls on docker service create, logs will only show status
updates and updates every 1 second on long-running actions like
downloading and extracting. Adds golang.org/x/time/rate as dependency.
Ports docker/swarmkit#1352 to docker/docker.
Signed-off-by: Drew Erny <drew.erny@docker.com>
Upstream-commit: fa0054a3eb0363526d34fb4ac912cab30044f3d7
Component: engine
