Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Set up the mount label in the spec for a container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: e0f98c698b49e3790fe63bff611eeda6f5b46055
Component: engine
This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `--privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f81b4935292d5daedea9de4e2db0895986115da
Component: engine
Also modify an integration test that hardcoded the error string so it
uses the exported error variable from libcontainer/user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Upstream-commit: da38ac6c79fe902ed0687afc73d731c95c6d491a
Component: engine
It includes a fix for parsing systemd cgroup names
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 4fc5bd295eedbefe1b429d98be52f794f1461f2f
Component: engine
This includes all of v0.0.8 as well as a few bug fixes that popped up
during vendoring.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 093dd39686d5e7c562dfdf337bc7545f51d5abf4
Component: engine
Fixes #14203
This bump fixes the issue of having the container's pipes connection
reset by peer because of using the json.Encoder and having a \n added to
the output.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 7b5896702bd2951541af27925620172edb5d3505
Component: engine
This fixes a security vulnerability in Docker, which can cause a DoS
under certain circumstances. This is from the hotfix branch, so the
vendored commit is actually bf899fef451956be4abd63de6d6141d9f9096a02 in
runc master.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 40b5eebb0b8f34cb3f6a3e6a83cac1b3a34a1d29
Component: engine
This adds a fix for the resource struct in the cgroups type and seccomp
IsEnabled function
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 5f73ab89523d240c61d8e745bc106232891b46f7
Component: engine
Libcontainer depends on the new package now to avoid cycled
dependencies.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 0609342d04e3e5fbcf17f36c5affef5073643636
Component: engine
PR https://github.com/docker/docker/pull/17986
inadvertently included changes to some vendored files.
This reverts those changes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: dd3634b3c1926cac2b714be4e7b5be49dfc0d0f2
Component: engine
Fixes a race when starting a container when there is an error, the stdio
streams are not always written.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: d9f5f1954cf3ba9c1f9644d7997033d5d62ab34b
Component: engine
Fixing user namespaces (again) with a vendor update from runc
(specifically, the remount() only if special flags change)
Other changes are very minimal.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: b7a009cc1c9747cab4ebf40e609068c86f34d19d
Component: engine
Noteworthy changes:
- Add Prestart/Poststop hook support
- Fix bug finding cgroup mount directory
- Add OomScoreAdj as a container configuration option
- Ensure the cleanup jobs in the deferrer are executed on error
- Don't make modifications to /dev when it is bind mounted
Other changes in runc:
https://github.com/opencontainers/runc/compare/v0.0.3...v0.0.4
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 55a601e3f135b0a3915b7f245142ed4e90d81005
Component: engine
This fixes criu behavior with mounted cgroups.
It also includes an update of the go-systemd dependency.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: a4ddf0e3624c9e05172d1ad7841f87720a4c9c87
Component: engine
Currently the vendor script removes directories which do not have imported go packages, however this also ends up removing license files which may be other directories.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 82685367d8d5087b16a583123f45fdcb1c7c64dc
Component: engine
This is a fix for proper setup of nested containers cgroups.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: f0f261a899acf3c11d01c97e2503ec0ddb200232
Component: engine
Replaced github.com/docker/libcontainer with
github.com/opencontainers/runc/libcontainer.
Also I moved AppArmor profile generation to docker.
The main idea of this update is to fix mounting cgroups inside containers.
After updating docker on CI we can even remove dind.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: c86189d554ba14aa04b6314970d3699e5ddbf4de
Component: engine