Commit Graph

6927 Commits

Author SHA1 Message Date
Sebastiaan van Stijn cf3f902df4
update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657

  - opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
  - opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
  - opencontainers/runc#2029 Update dependencies
  - opencontainers/runc#2034 Support for logging from children processes
  - opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
  - opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
  - opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
  - opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
  - opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
  - opencontainers/runc#2057 main: not reopen /dev/stderr
      - closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
      - closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
      - closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
  - opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
  - opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
  - opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
  - opencontainers/runc#2074 Update dependency libseccomp-golang
  - opencontainers/runc#2081 Bump CRIU to 3.12
  - opencontainers/runc#2089 doc: First process in container needs `Init: true`
  - opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
      - closes opencontainers/runc#2093 HostDevices() race with older udevd versions
  - opencontainers/runc#2098 man: fix man-pages
  - opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
  - opencontainers/runc#2107 Make get devices function public
  - opencontainers/runc#2113 libcontainer: initial support for cgroups v2
  - opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
      - removes github.com/coreos/pkg as dependency
  - opencontainers/runc#2117 Remove libcontainer detection for systemd features
      - fixes opencontainers/runc#2117 Cache the systemd detection results
  - opencontainers/runc#2119 libcontainer: update masked paths of /proc
      - relates to #36368 Add /proc/keys to masked paths
      - relates to #38299 Masked /proc/asound
      - relates to #37404 Add /proc/acpi to masked paths (CVE-2018-10892)
  - opencontainers/runc#2122 nsenter: minor fixes
  - opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
  - opencontainers/runc#2125 cgroup: support mount of cgroup2
  - opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
  - opencontainers/runc#2129 Only allow proc mount if it is procfs
      - addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:27 +01:00
Sebastiaan van Stijn 4b267469b9
bump hashicorp/golang-lru v0.5.3
full diff: 0fb14efe8c...v0.5.3

- hashicorp/golang-lru#53 remove defer keyword to avoid overhead
- hashicorp/golang-lru#56 lru.Get(): avoid nil pointer dereference
- hashicorp/golang-lru#57 Adds LRU cache resize
- hashicorp/golang-lru#58 lru: don't kill the return values of Remove and RemoveOldest

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:21:22 +01:00
Sebastiaan van Stijn b104da4a09
bump containerd/continuity f2a389ac0a02ce21c09edd7344677a601970f41c
full diff: aaeac12a7f...f2a389ac0a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 21:19:59 +01:00
Brian Goff ebca141311
Merge pull request #2207 from thaJeztah/remove_engine_activate
Remove "docker engine" subcommands
2019-12-12 11:17:48 -08:00
Sebastiaan van Stijn 7e5451316f
docs: add redirects for engine reference pages
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:33 +01:00
Sebastiaan van Stijn 43b2f52d0c
Remove "docker engine" subcommands
These subcommands were created to allow upgrading a Docker Community
engine to Docker Enterprise, but never really took off.

This patch removes the `docker engine` subcommands, as they added
quite some complexity / additional code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 17:51:25 +01:00
Sebastiaan van Stijn 9ef0c7a9dd
Merge pull request #2196 from tiborvass/test-tlsverify
e2e: add new test package "global" with TestTLSVerify
2019-12-12 15:15:15 +01:00
Silvin Lubecki 02ef51e927
Merge pull request #2224 from thaJeztah/update_proxy_docs
Add docs for proxy configuration in config.json
2019-12-12 15:06:04 +01:00
Silvin Lubecki eb33f8759c
Merge pull request #1590 from thaJeztah/docs_add_management_notes
Docs: add note about management commands targeting a manager
2019-12-12 15:03:46 +01:00
Sebastiaan van Stijn cff1a88126
Merge pull request #2211 from thaJeztah/refresh_maintainers
Refresh maintainers list
2019-12-12 15:01:52 +01:00
Sebastiaan van Stijn f540eae7fe
Docs: add note about management commands targeting a manager
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-12 14:57:05 +01:00
Silvin Lubecki 0fd5c16ab9
Merge pull request #1936 from thaJeztah/bump_jwt_go
bump dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a
2019-12-12 14:50:10 +01:00
Brian Goff 08eaead288
Merge pull request #2216 from thaJeztah/remove_dab_deploy
Remove experimental "deploy" from "dab" files
2019-12-10 11:00:34 -08:00
Sebastiaan van Stijn e70d6bcb8a
Add docs for proxy configuration in config.json
Setting proxy-configuration in config.json was added in
commit 35f1e301b5 (docker
17.07), but never found its way to the documentation.

This patch adds some basic information about the feature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 15:36:30 +01:00
Sebastiaan van Stijn dd87cd9feb
bump github.com/dgrijalva/jwt-go v3.2.0, docker/licencing 7c3de6a4f59e9e70764ea6f6901cf17b88059789
full diff:

- a2c85815a7...v3.2.0
  - https://github.com/dgrijalva/jwt-go/blob/v3.2.0/VERSION_HISTORY.md
- 9781369abd...5f0f1276fe42dd721c1c093604995a9f758ace21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-10 14:24:37 +01:00
Silvin Lubecki 79578882a1
Merge pull request #2221 from thaJeztah/fix_docker_cp_npe
docker cp: prevent NPE when failing to stat destination
2019-12-09 21:40:42 +01:00
Sebastiaan van Stijn 585ec4da97
docker cp: prevent NPE when failing to stat destination
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 15:32:02 +01:00
Sebastiaan van Stijn 99ad13e374
Remove experimental "deploy" from "dab" files
The top-level `docker deploy` command (using the "Docker Application Bundle"
(`.dab`) file format was introduced as an experimental feature in Docker 1.13 /
17.03, but superseded by support for Docker Compose files.

With no development being done on this feature, and no active use of the file
format, support for the DAB file format and the top-level `docker deploy` command
(hidden by default in 19.03), is removed in this patch, in favour of `docker stack deploy`
using compose files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-09 10:34:14 +01:00
Akhil Mohan e1daa22ba1
Modify docs to specify working of device flag
Modify the docker run docs, to specify working of --device flag
in containers that are started in privileged mode. The custom device
permissions that are given to a device in privileged mode are ignored
and goes with `rwm` by default

Signed-off-by: Akhil Mohan <akhil.mohan@mayadata.io>
2019-12-08 19:55:18 +05:30
Silvin Lubecki 8547dfcff7
Merge pull request #1803 from thaJeztah/add_ip_address_to_advanced_options
Add ip address to advanced options
2019-12-04 15:16:15 +01:00
Silvin Lubecki d263e29ab5
Merge pull request #2152 from thaJeztah/bump_various_deps
Bump various dependencies
2019-12-04 15:03:23 +01:00
Silvin Lubecki 6eee39df0c
Merge pull request #2175 from thaJeztah/pin_in_scope
parseNetworkOpts, updatePorts: pin variables in scope (scopelint)
2019-12-04 14:50:00 +01:00
Sebastiaan van Stijn 7f063899ef
Maintainers: remove Justin and Aaron
Updating this file to match reality. Both Justin and Aaron
have informed me that they were not expecting to be involved
with maintaining the CLI, so removing them from the list.

Aaron was mostly active on the daemon / engine, so I decided
to not include him in the alumni on this repository, and
Justin remains active as a maintainer on the engine.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 13:08:15 +01:00
Sebastiaan van Stijn 2e2d2e16c9
Move Daniel to alumni
Thanks Daniel!

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 13:04:47 +01:00
Sebastiaan van Stijn 046a13f996
Maintainers file: remove "docs maintainers" section
The "docs maintainers" role was never defined; removing
the section from the file to make the file less confusing.

We can add people with specific expertise to the general
"maintainers" section instead.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-12-04 13:00:37 +01:00
Tibor Vass 13fb276442
Merge pull request #2129 from derskeal/patch-1
Fix typo
2019-12-02 15:02:38 -08:00
Sebastiaan van Stijn 54d085b857
Merge pull request #2202 from adrian-plata/builder-links
Fixing some links and deleting an older page reference
2019-11-26 21:36:49 +01:00
Sebastiaan van Stijn 01883d5e2c
Merge pull request #2194 from tiborvass/fix-cp-trailing-slash
cp: allow trailing slash in non-existant destination
2019-11-26 21:27:42 +01:00
Sebastiaan van Stijn fc83b941f5
Merge pull request #2198 from usb79/patch-1
Typo in documentation of volume create
2019-11-26 21:25:27 +01:00
Adrian Plata 8195512206 Fixing some links and deleting an older page reference
Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-11-21 10:52:50 -08:00
usb79 c888809bbc Typo in documentation of volume create
remove doubled negation (doesn't not => does not)

Signed-off-by: USB79 <ulrich.bareth@gmail.com>
2019-11-15 16:15:24 +01:00
Brian Goff 6c12a82f33
Merge pull request #2197 from thaJeztah/carry_1221_push_quiet
Add support for docker push --quiet
2019-11-12 16:22:36 -08:00
Tibor Vass e692381d18 e2e: add new test package "global" with TestTLSVerify
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-11-12 18:07:09 +00:00
Justyn Temme 756ab2fb92
Add support for docker push --quiet
Signed-off-by: Justyn Temme <justyntemme@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-12 09:48:04 -08:00
Tibor Vass 26dbc3226c cp: allow trailing slash in non-existant destination
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-11-12 17:25:25 +00:00
Silvin Lubecki 37f9a88c69
Merge pull request #2095 from aiordache/app-214_client_info_load_func
APP-214 Load Client info in getter function
2019-11-08 11:54:29 +01:00
Anca Iordache 22a5dad847 app-214 Load Client info in getter function
Signed-off-by: Anca Iordache <anca.iordache@docker.com>

Possible approach for client info

- split ClientInfo() into ClientInfo() and loadClientInfo()
- split ConfigFile() into ConfigFile() and loadConfigFile()
- ConfigFile() and ClientInfo() call their corresponding loadXX function
  if it has not yet been loaded; this allows them to be used before
  Initialize() was called.
- Initialize() *always* (re-)loads the configuration; this makes sure
  that the correct configuration is used when actually calling commands.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-11-08 11:39:07 +01:00
Sebastiaan van Stijn 8aeaf60b3a
Merge pull request #2187 from silvin-lubecki/bump-compose-on-kube
Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1
2019-11-07 19:18:55 -08:00
Silvin Lubecki 7eb6a29c0b Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-11-07 20:57:34 +01:00
Sebastiaan van Stijn d6edc912ce
Merge pull request #2182 from rumpl/fix-max_replicas_per_node_interpolation
Add interpolation type cast for max_replicas_per_node
2019-11-05 13:14:31 -08:00
Silvin Lubecki 9e041dd34c
Merge pull request #2107 from jonatasbaldin/2047-fix-image-createdsince-without-value
Fix CREATED field when listing image if date is not specified
2019-11-05 09:46:14 +01:00
Djordje Lukic cb29ef6c6d Add interpolation type cast for max_replicas_per_node
Fixes https://github.com/docker/app/issues/688

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2019-11-05 08:31:36 +01:00
Tibor Vass 3d35fd40d2
Merge pull request #2179 from sj26/builder-prune-filter-docs
unused-for is a deprecated synonym for until
2019-11-04 17:27:51 -08:00
Sebastiaan van Stijn 74f3224c68
Merge pull request #2054 from jescobar-docker/patch-1
Update service_create.md
2019-11-04 17:10:38 -08:00
Sebastiaan van Stijn 968ce1ae4d
Merge pull request #2173 from thaJeztah/carry_golangci_lint
Replace gometalinter with Golangci lint [carry 1797]
2019-10-31 19:56:10 +01:00
Silvin Lubecki b7e06f2845
Remove now obsolete gometalinter and use golangci-lint instead
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:44 +01:00
Sebastiaan van Stijn 1e7774228c
service: remove unused opts from newService() (unparam)
```
cli/command/service/client_test.go:75:41: `newService` - `opts` always receives `nil` (unparam)
func newService(id string, name string, opts ...func(*swarm.Service)) swarm.Service {
                                        ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:43 +01:00
Sebastiaan van Stijn 640305f33c
cli/command/stack/kubernetes: Using the variable on range scope `c` in function literal (scopelint)
```
cli/command/stack/kubernetes/convert_test.go:199:35: Using the variable on range scope `c` in function literal (scopelint)
			conv, err := NewStackConverter(c.version)
			                               ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:42 +01:00
Sebastiaan van Stijn 542f80241e
cli/command/container: Using the variable on range scope `c` in function literal (scopelint)
```
cli/command/container/create_test.go:120:20: Using the variable on range scope `c` in function literal (scopelint)
				defer func() { c.ResponseCounter++ }()
				               ^
cli/command/container/create_test.go:121:12: Using the variable on range scope `c` in function literal (scopelint)
				switch c.ResponseCounter {
				       ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:42 +01:00
Sebastiaan van Stijn 754fc6fe67
cli/command/stack/kubernetes: Using a reference for the variable on range scope `obj` (scopelint)
```
cli/command/stack/kubernetes/watcher_test.go:44:20: Using a reference for the variable on range scope `obj` (scopelint)
		if err := o.Add(&obj); err != nil {
		                 ^
cli/command/stack/kubernetes/watcher_test.go:49:20: Using a reference for the variable on range scope `obj` (scopelint)
		if err := o.Add(&obj); err != nil {
		                 ^
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-31 19:22:41 +01:00