This is writeable, and can be used to remove devices. Containers do
not need to know about scsi devices.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
Component: engine
This largely removes references to Docker where possible.
The HOWTO guides are still Docker docs and refer to Docker not
moby, so the next step is to rework these as Moby docs and put
them in `docs/` in this repo.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: cecd0de3a9f783b34f75ca5e6394b9a0c123999e
Component: engine
The `docker info` code was shelling out to obtain the
version of containerd (using the `--version` flag).
Parsing the output of this version string is error-prone,
and not needed, as the containerd API can return the
version.
This patch adds a `Version()` method to the containerd Client
interface, and uses this to get the containerd version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: fec2b144feaaa18998ec2ed34c9bc843c4c29abd
Component: engine
/dev is mounted on a tmpfs inside of a container. Processes inside of containers
some times need to create devices nodes, or to setup a socket that listens on /dev/log
Allowing these containers to run with the --readonly flag makes sense. Making a tmpfs
readonly does not add any security to the container, since there is plenty of places
where the container can write tmpfs content.
I have no idea why /dev was excluded.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Upstream-commit: 5f3bd2473ee2a1b9f37ba0130e934133d0e01f89
Component: engine
Commit 3ba1dda1914fa7d380d9d3220c3b158a41f90cba bumped
the API version, but forgot to actually bump the version
in code.
This patch fixes the version to match those changes :-)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 7f8dbe4a86650b02ffb490098b9f3bf0912c575d
Component: engine
The Swagger file contained a version matrix to
find which API version is used by which version
of Docker.
Given that Docker is a downstream of the Moby project,
we should not be maintaining such a matrix in this
repository.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 3fb228ba50ccb921148e0174e5e5e45ab650c3e5
Component: engine
Commit d91c5f42eb37c6f88cec4021c10c0a1ded1785c3 added
support for "Isolation" mode for services, but didn't
get merged before API 1.34.
This patch moves the description in the API version
history to the correct API version (1.35), and does
a slight rewording of the functionality.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 4533a16fa98785c8c18bf9b9a32da5390fc74757
Component: engine
Remove Dockerfile.solaris reference in `hack/make/.detect-daemon-osarch`
as `Dockerfile.solaris` has been removed.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: d157d98a5fbfc98f4adec20ce510b99c795b0d9c
Component: engine
If the user specifies a mountpath from the host, we should not be
attempting to chown files outside the daemon's metadata directory
(represented by `daemon.repository` at init time).
This forces users who want to use user namespaces to handle the
ownership needs of any external files mounted as network files
(/etc/resolv.conf, /etc/hosts, /etc/hostname) separately from the
daemon. In all other volume/bind mount situations we have taken this
same line--we don't chown host file content.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 42716dcf5c986e4cbb51f480f2782c05e5bd0b41
Component: engine
The `.integration-test-helpers` script was sourced by `/etc/bash/bash.rc`.
However, the `$SCRIPTDIR` environment variable is set through `hack/make.sh`,
so will not be set when calling the `.integration-test-helpers` script directly.
Before this patch;
make BIND_DIR=. shell
...
bash: /make/.go-autogen: No such file or directory
After this patch, the warning is no longer printed
Also removed sourcing `.go-autogen` from test-integration and build-integration-test-binary,
as they already sourced `.integration-test-helpers` (which sources
`.go-autogen`).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 6d5e468db1f07c12140af0cf36ba0d1a09bb4ca9
Component: engine
Instead of duplicating the same if condition per plugin manager directory,
use one if condition and a for-loop.
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Upstream-commit: d75f1d848721f04fdc703a2e88a98600f29933a6
Component: engine
These scripts have not been used for a while now, and should not be used again
because they are for releasing docker, not moby
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Upstream-commit: eef85648e43fef2ec73462fd3d734947384cb16e
Component: engine
This vendoring fixes two issues.
1. When a user specifies an SELinux MCS Label (level) to override moby picking
an unigue MCS label, the code currently picks a label then overrides with the
user selected. This works fine, except the unique MCS Label is leaked and will
not be used until the daemon is restarted.
2. The override label, is not reserved. This could potentially cause an issue
where the daemon could pick the same MCS Label again for a different container.
(~ 1/500,000 Chance).
The updated selinux go bindings, now release the overriden unigue label, and reserve
the one specified by the user.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 73c82386148fe14a47cc515c622bd23b9b7d99b9
Component: engine
