Commit Graph

9667 Commits

Author SHA1 Message Date
Laura Brehm 004e2925d7
Merge pull request #5070 from laurazard/backport/5067-26.1
[26.1 backport] Centralize init of Meter/TracerProviders
2024-05-14 16:52:23 +01:00
Christopher Petito 6691085012
Use funcs on DockerCli to return Meter/TracerProviders, not initialize them. Initialize them during DockerCli struct init
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
(cherry picked from commit 02537eac59)
2024-05-14 16:31:06 +01:00
Sebastiaan van Stijn 60f2d38d53
Merge pull request #5068 from dvdksn/26.1_backport_doc-vxlan-listen-addr
[26.1 Backport] docs: clarify that --data-path-addr doesn't restrict access
2024-05-13 20:48:38 +02:00
David Karlsson 81b482ea5e docs: clarify that --data-path-addr doesn't restrict access
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit faf096b25c)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-05-13 19:01:26 +02:00
Paweł Gronowski 211e74b240
Merge pull request #5066 from vvoland/vendor-docker
[26.1] vendor: github.com/docker/docker v26.1.2-dev (ef1912d8b6ae)
2024-05-08 11:31:07 +02:00
Paweł Gronowski 8beff78d85
Merge pull request #5065 from vvoland/v26.1-5064
[26.1 backport] update to go1.21.10
2024-05-08 11:30:55 +02:00
Paweł Gronowski e64914c890
vendor: github.com/docker/docker v26.1.2-dev (ef1912d8b6ae)
- full diff: ac2de55998...ef1912d8b6

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-05-08 11:04:04 +02:00
Paweł Gronowski c1d70d1fbb
update to go1.21.10
These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to
usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to
our attention.
This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.9...go1.21.10

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.10
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit eb99994c75)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-05-08 09:52:05 +02:00
Paweł Gronowski 53a3f0be18
Merge pull request #5062 from laurazard/cherry-pick-run-hang
[26.1 backport] Fix hang when container fails to start
2024-05-07 13:35:09 +02:00
Laura Brehm 4add46d686
Add e2e tests for run w/ bad entrypoint
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 8d6e571c03)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-05-07 11:57:36 +01:00
Laura Brehm ccea7d8a30
Fix hang when container fails to start
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 31644d5ea7)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-05-07 11:57:24 +01:00
Paweł Gronowski 4cf5afaefa
Merge pull request #5047 from vvoland/v26.1-5038
[26.1 backport] cli-plugins: PluginRunCommand: use cmd.Environ instead of os.Environ
2024-04-30 13:40:03 +02:00
Paweł Gronowski 6c2b06d535
Merge pull request #5045 from vvoland/vendor-docker-26.1.1-dev
[26.1] vendor: github.com/docker/docker ac2de55998d4 (v26.1.1)
2024-04-30 13:12:54 +02:00
Sebastiaan van Stijn 1c6a8ecf2e
cli-plugins: PluginRunCommand: use cmd.Environ instead of os.Environ
Commit 5011759056 implemented a fix that
caused the current environment to be discarded, using `os.Environ()`.
On Windows, `os.Environ()` may produce an incorrect value for `PWD`,
for which a new function was added in go1.19;

- https://tip.golang.org/doc/go1.19#osexecpkgosexec
- https://go-review.googlesource.com/c/go/+/401340

Replace the use of `os.Environ()` with `cmd.Environ()` to address that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5ccb48459b)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-30 13:03:15 +02:00
Paweł Gronowski 6d1c387af2
vendor: github.com/docker/docker ac2de55998d4 (v26.1.1)
full diff: c8af8ebe4a...ac2de55998

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-30 11:55:51 +02:00
Paweł Gronowski 1e6db5d24b
Merge pull request #5044 from vvoland/wait-cancel-noerror
[26.1 backport] waitExitOrRemoved: Handle context cancellation
2024-04-29 17:46:55 +02:00
Paweł Gronowski 840016ea05
waitExitOrRemoved: Handle context cancellation
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-29 16:46:11 +02:00
Paweł Gronowski 9714adc6c7
Merge pull request #5034 from vvoland/vendor-docker
vendor: github.com/docker/docker v26.1.0-dev (c8af8ebe4a89)
2024-04-22 19:00:04 +02:00
Paweł Gronowski aec1d364bf
vendor: github.com/docker/docker v26.1.0-dev (c8af8ebe4a89)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-22 18:53:51 +02:00
Paweł Gronowski e397e505d9
Merge pull request #5033 from laurazard/hooks-error-message
hooks: pass command execution error to plugins
2024-04-22 18:49:19 +02:00
Laura Brehm 43cb06e1ae
hooks: pass command execution error to plugins
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-22 17:12:53 +01:00
Paweł Gronowski d8fc76ea56
Merge pull request #5030 from laurazard/hooks-plugin-name
hooks: include plugin name in hook data
2024-04-22 17:22:08 +02:00
Laura Brehm 9d8320de9d
hooks: include full configured command
Before, for plugin commands, only the plugin name (such as `buildx`)
would be both included as `RootCmd` when passed to the hook plugin,
which isn't enough information for a plugin to decide whether to execute
a hook or not since plugins implement multiple varied commands (`buildx
build`, `buildx prune`, etc.).

This commit changes the hook logic to account for this situation, so
that the the entire configured hook is passed, i.e., if a user has a
hook configured for `buildx imagetools inspect` and the command
`docker buildx imagetools inspect alpine` is called, then the plugin
hooks will be passed `buildx imagetools inspect`.

This logic works for aliased commands too, so whether `docker build ...`
or `docker buildx build` is executed (unless Buildx is disabled) the
hook will be invoked with `buildx build`.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>

hooks: include full match when invoking plugins

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-22 13:16:26 +01:00
Paweł Gronowski 118d6bafe0
Merge pull request #4981 from vvoland/ci-validate-pr
ci: Require changelog description
2024-04-19 19:24:55 +02:00
Laura Brehm 4eeb776247
Merge pull request #5031 from vvoland/vendor-docker
vendor: github.com/docker/docker v26.1.0-dev (ee8b788538ea)
2024-04-19 14:06:46 +01:00
Paweł Gronowski 6ad512068c
vendor: github.com/docker/docker v26.1.0-dev (ee8b788538ea)
no changes in vendored files

full diff: f9dfd139ec...ee8b788538

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 15:04:28 +02:00
Paweł Gronowski c3243a8cc3
ci/validate-pr: Use `::error::` command to print errors
This will make Github render the log line as an error.

(copied from moby/moby fb92caf2aa6cf3664e11dc06ee10d114af300826)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:20 +02:00
Paweł Gronowski f92fcdef1b
github/ci: Check if backport is opened against the expected branch
(copied from moby/moby 61269e718fbdbbad397b0089105ec910fc0e62ca)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:16 +02:00
Paweł Gronowski 745704d7b4
ci: Require changelog description
Any PR that is labeled with any `impact/*` label should have a
description for the changelog and an `area/*` label.

(copied from moby/moby 1d473549e865ef6b90ee936c280f4bda677de39b)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-19 14:02:11 +02:00
Paweł Gronowski 1cc2e445af
Merge pull request #4967 from robmry/windows-no-dns-proxy
Feature option 'windows-dns-proxy'
2024-04-19 13:42:15 +02:00
Albin Kerouanton 762a85a103 Warn about deprecation of windows-dns-proxy flag
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-04-19 13:32:32 +02:00
Paweł Gronowski b9828336c5
Merge pull request #5027 from laurazard/run-hooks-reexec-env-var
hooks: set expected environment when executing
2024-04-18 11:19:42 +02:00
Laura Brehm 78089c5394
Merge pull request #5024 from laurazard/run-hooks-error
plugins/hooks: run hooks when exit code != 0
2024-04-18 01:05:52 +01:00
Laura Brehm b31c9e1e0c
Merge pull request #5025 from krissetto/fix-otel-otlp-override
Fix OTLP env var overriding
2024-04-17 17:05:44 +01:00
Laura Brehm 5011759056
hooks: set expected environment when executing
During normal plugin execution (from the CLI), the CLI configures the
plugin command it's about to execute in order to pass all environment
variables on, as well as to set the ReExec env var that informs the
plugin about how it was executed, and which plugins rely on to check
whether they are being run standalone or not.

This commit adds the same behavior to hook invocations, which is
necessary for some plugins to know that they are not running standalone
so that they expose their root command at the correct level.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 16:57:44 +01:00
Christopher Petito d6796c002f Fix OTLP env var overriding
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
2024-04-17 14:32:41 +00:00
Laura Brehm c449c1a49d
plugins/hooks: run hooks when exit code != 0
Particularly for cases such as `docker exec -it`, it's relevant that the CLI
still executes hooks even if the exec exited with a non-zero exit code,
since this is can be part of a normal `docker exec` invocation depending on
how the user exits.

In the future, this might also be interesting to allow plugins to run
hooks after an error so they can offer error-state recovery suggestions,
although this would require additional work to give the plugin more
information about the failed execution.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-17 15:21:08 +01:00
Rob Murray 287f482e31 Feature option 'windows-dns-proxy'
Document feature option 'windows-dns-proxy', which can be used to
enable or disable forwarding of DNS requests from the daemon's
internal resolver to external servers.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-04-16 11:27:23 +01:00
Laura Brehm c0cc22db58
Merge pull request #5019 from laurazard/multiple-plugin-hooks
plugins/templates: break on newlines when printing hooks
2024-04-15 13:55:33 +01:00
Laura Brehm 867061b007
plugins/templates: break on newlines when printing hooks
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-15 12:59:53 +01:00
David Karlsson 78012b0ee5
Merge pull request #4989 from dvdksn/docs-systempaths-unconfined
docs: add systempaths=unconfined security-opt
2024-04-12 14:53:35 +02:00
Paweł Gronowski 249b5a401f
Merge pull request #5005 from vvoland/cli-bin-exe
cli-bin/windows: Add .exe extension
2024-04-11 11:35:26 +02:00
Paweł Gronowski 718203d50b
cli-bin/windows: Add .exe extension
Before this commit, the CLI binary in `dockereng/cli-bin` image was
named `docker` regardless of platform.

Change the binary name to `docker.exe` in Windows images.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-04-10 18:48:37 +02:00
Sebastiaan van Stijn b6c5522128
Merge pull request #5003 from laurazard/vendor-moby-dirty-26.1
vendor: github.com/docker/docker f9dfd139ec0d (master)
2024-04-10 17:37:31 +02:00
Laura Brehm 5515b86514
vendor: github.com/docker/docker v26.0.1-0.20240410103514-f9dfd139ec0d+incompatible (master)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:07:09 +01:00
Laura Brehm c1053bf9d4
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240227173239-911c97650f2e
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 16:02:34 +01:00
Laura Brehm 8a3a7b9458
vendor: github.com/containerd/containerd v1.7.15
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-04-10 15:52:37 +01:00
David Karlsson 4585809848 docs: add systempaths=unconfined security-opt
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-04-10 15:16:30 +02:00
Sebastiaan van Stijn 870ad7f4b9
Merge pull request #4998 from thaJeztah/bump_x_net
vendor: golang.org/x/sys v0.18.0, golang.org/x/term v0.18.0, golang.org/x/crypto v0.21.0, golang.org/x/net v0.23.0
2024-04-09 16:24:15 +02:00
Sebastiaan van Stijn 5fcbbde4b9
vendor: golang.org/x/net v0.23.0
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:52:51 +02:00