This test was verifying that the container has the right options set (through
`docker inspect`), but also checks if the cgroup-rules are set within the
container by reading `/sys/fs/cgroup/devices/devices.list`
Unlike cgroups v1, on cgroups v2, there is no file interface, and rules are
handled through ebpf, which means that the test will fail because this file
is not present.
From the Linux documentation for cgroups v2:
https://github.com/torvalds/linux/blob/v5.16/Documentation/admin-guide/cgroup-v2.rst#device-controller
> (...)
> Device controller manages access to device files. It includes both creation of
> new device files (using mknod), and access to the existing device files.
>
> Cgroup v2 device controller has no interface files and is implemented on top
> of cgroup BPF. To control access to device files, a user may create bpf programs
> of type BPF_PROG_TYPE_CGROUP_DEVICE and attach them to cgroups with
> BPF_CGROUP_DEVICE flag. (...)
Given that setting the right cgroups is not really a responsibility of this SDK,
it should be sufficient to verify that the right options were set in the container
configuration, so this patch is removing the part that checks the cgroup, to
allow this test to be run on a host with cgroups v2 enabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This was using a deprecated function (`urllib.splitnport`),
ostensibly to work around issues with brackets on IPv6 addresses.
Ironically, its usage was broken, and would result in mangled IPv6
addresses if they had a port specified in some instances.
Usage of the deprecated function has been eliminated and extra test
cases added where missing. All existing cases pass as-is. (The only
other change to the test was to improve assertion messages.)
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
Upgrade to latest pywin32, which has support for Python 3.10 and
resolves a CVE (related to ACL APIs, outside the scope of what
`docker-py` relies on, which is npipe support, but still gets
flagged by scanners).
The version constraint has also been relaxed in `setup.py` to allow
newer versions of pywin32. This is similar to how we handle the
other packages there, and should be safe from a compatibility
perspective.
Fixes#2902.
Closes#2972 and closes#2980.
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
I realize that low-level documentation has outdated examples, so I
created issue #2800 to fix that
Signed-off-by: Felipe Ruhland <felipe.ruhland@gmail.com>
ContainerSpec
Docker Engine v1.41 added `CapAdd` and `CapDrop` as part of the
ContainerSpec, and `docker-py` should do the same.
```
GET /services now returns CapAdd and CapDrop as part of the ContainerSpec.
GET /services/{id} now returns CapAdd and CapDrop as part of the ContainerSpec.
POST /services/create now accepts CapAdd and CapDrop as part of the ContainerSpec.
POST /services/{id}/update now accepts CapAdd and CapDrop as part of the ContainerSpec.
GET /tasks now returns CapAdd and CapDrop as part of the ContainerSpec.
GET /tasks/{id} now returns CapAdd and CapDrop as part of the ContainerSpec.
```
I added capabilities on docstrings, `service.create` init method and
create tests for that.
That change was mention in issue #2802.
Signed-off-by: Felipe Ruhland <felipe.ruhland@gmail.com>
The Makefile and `docker/constants.py` were with old versions, so I
updated them to the current one
Signed-off-by: Felipe Ruhland <felipe.ruhland@gmail.com>
I realize that low-level documentation has outdated examples, so I
created issue #2800 to fix that
Signed-off-by: Felipe Ruhland <felipe.ruhland@gmail.com>
I realize that low-level documentation has outdated examples, so I
created issue #2800 to fix that
Signed-off-by: Felipe Ruhland <felipe.ruhland@gmail.com>
Sebastiaan van Stijn
Milas Bowman
Milas Bowman
Laura Brehm
dependabot[bot]
Stefan Scherer
Hugo van Kemenade
Anca Iordache
Anca Iordache
Segev Finer
Ulysses Souza
Adam Aposhian
Shehzaman
sinarostami
Ulysses Souza
Anthony Sottile
Mathieu Champlon
Sebastiano Mariani
Roger Camargo
Felipe Ruhland