'docker insert' is an old command which predates 'docker build'. We no
longer recommend using it, it is not actively maintained, and can be
replaced with the combination of 'docker build' and 'ADD'.
This removes the command from usage and documentation, and prints a
warning when it is called.
The command still works but it will be removed in a future version.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
* The commands are no longer listed or documented.
* The commands still work but print a deprecation warning.
* The commands should be removed in a future version.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
Such nodes could already be created by importing a tarball to a container; now
they can be created from within the container itself.
This gives non-privileged containers the mknod kernel capability, and modifies
their cgroup settings to allow creation of *any* node, not just whitelisted
ones. Use of such nodes is still controlled by the existing cgroup whitelist.
Docker-DCO-1.1-Signed-off-by: Kevin Wallace <kevin@pentabarf.net> (github: kevinwallace)
As explained in https://github.com/dotcloud/docker/issues/4979
--volumes-from fails with ENOFILE errors.
This is because the code tries to look at the "from" volume without
ensuring that it is mounted yet. We fix this by mounting the containers
before stating in it.
Also includes a regression test.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
For combing through logs, have an intro line with information about the
running instance of the docker daemon.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
This also improves the logic around formatting the labels for selinux
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
There is a bug in the SELinux patch for the lxc execdriver, that
causes lxc containers to blow up whether or not SELinux is enabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled. We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled. Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work. Hard coding
the labels causes docker to break on older Fedora and RHEL systems
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This adds a bit of documentation for the `-a` flag for docker run.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
We currently drop the global lock while holding a per-device lock when
waiting for device removal, and then we re-aquire it when the sleep is done.
This is causing a AB-BA deadlock if anyone at the same time tries to do any
operation on that device like this:
thread A: thread B
grabs global lock
grabs device lock
releases global lock
sleeps
grabs global lock
blocks on device lock
wakes up
blocks on global lock
To trigger this you can for instance do:
ID=`docker run -d fedora sleep 5`
cd /var/lib/docker/devicemapper/mnt/$ID
docker wait $ID
docker rm $ID &
docker rm $ID
The unmount will fail due to the mount being busy thus causing the
timeout and the second rm will then trigger the deadlock.
We fix this by adding a lock ordering such that the device locks
are always grabbed before the global lock. This is safe since the
device lookups now have a separate lock.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Currently access to the Devices map is serialized by the main
DeviceSet lock, but we need to access it outside that lock, so we
add a separate lock for this and grab that everywhere we modify
or read the map.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This centralizes the lookup of devices so it is only done in one place.
This will be needed later when we change the locking for it.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Solomon Hykes
Victor Vieux
Goffert van Gool
unclejack
Michael Crosby
Guillaume J. Charmes
Rajat Pandit
Kevin Wallace
Tianon Gravi
Alexander Larsson
Guillaume J. Charmes
Vincent Batts
James Turnbull
Sven Dowideit
Michael Neale
David Röthlisberger
Michael Crosby
Dan Walsh
unclejack