It makes the behavior completely consistent across commands.
It adds tests to check that execution stops when an element is not
found.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This test was directly comparing lines of output from "docker images".
Sometimes, when busybox had been pushed to the hub recently, the
relative creation times would differ like this:
... obtained []string = []string{"busybox", "latest", "d9551b4026f0", "27", "minutes", "ago", "1.113", "MB"}
... expected []string = []string{"busybox", "latest", "d9551b4026f0", "26", "minutes", "ago", "1.113", "MB"}
Fixing by removing the time-since-creation fields from the comparison.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.
The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].
This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674
(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.
Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
Since seccomp is still a configurable build-tag, add a requirements
entry for seccomp, as well as move seccomp tests to "_unix" given it
won't be applicable to other platforms at this time.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This test can fail if it is run close to a second boundary:
FAIL: docker_cli_logs_test.go:169: DockerSuite.TestLogsSince
docker_cli_logs_test.go:183:
c.Assert(out, checker.Not(checker.Contains), v,
check.Commentf("unexpected log message returned, since=%v", since))
... obtained string = "" +
... "2015-12-07T19:54:45.000551883Z 1449518084 log2\n" +
... "2015-12-07T19:54:47.001310929Z 1449518086 log3\n"
... substring string = "log2"
... unexpected log message returned, since=1449518085
The problem is that it generates log lines using date +%s and uses that
timestamp as a reference for log filtering with (--since) later on in
the test. However, the timestamp that date +%s generates may not match
the log timestamp.
This commit changes the test to parse the log timestamp itself instead
of relying on a parallel timestamp.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Removed images were not cleaned up from the
digest-set that is used for the search index.
Fixes#18437
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This solves a bug where /etc may have pre-existing permissions from
build time, but init layer setup (reworked for user namespaces) was
assuming root ownership. Adds a test as well to catch this situation in
the future.
Minor fix to wrong ordering of chown/close on files created during the
same initlayer setup.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Following `docker inspect` conventions:
- Keep partial info in a buffer to not print incomplete template outputs.
- Break execution when template parsing or decoding fail.
Signed-off-by: David Calavera <david.calavera@gmail.com>
A TopicFunc is an interface to let the pubisher decide whether it needs
to send a message to a subscriber or not. It returns true if the
publisher must send the message and false otherwise.
Users of the pubsub package can create a subscriber with a topic
function by calling `pubsub.SubscribeTopic`.
Message delivery has also been modified to use concurrent channels per
subscriber. That way, topic verification and message delivery is not
o(N+M) anymore, based on the number of subscribers and topic verification
complexity.
Using pubsub topics, the API stops controlling the message delivery,
delegating that function to a topic generated with the filtering
provided by the user. The publisher sends every message to the
subscriber if there is no filter, but the api doesn't have to select
messages to return anymore.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Improves the current filtering implementation complixity.
Currently, the best case is O(N) and worst case O(N^2) for key-value filtering.
In the new implementation, the best case is O(1) and worst case O(N), again for key-value filtering.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Makes it easier to debug in the future given three different docker run
executions were all outputting the same error string.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
It will Tar up contents of child directory onto tmpfs if mounted over
This patch will use the new PreMount and PostMount hooks to "tar"
up the contents of the base image on top of tmpfs mount points.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes#9798
@maintainers please note that this is a change to the UX. We no longer
require the -f flag on `docker tag` to move a tag from an existing image.
However, this does make us more consistent across our commands,
see https://github.com/docker/docker/issues/9798 for the history.
Signed-off-by: Doug Davis <dug@us.ibm.com>
libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to
better tune oom killing preferences for container process. This patch
simply integrates OomScoreAdj libcontainer's config option and adjust
the cli with this new option.
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Cgroup integtaion tests should cover:
- docker can run sucessfully with these options
- these cgroup options are set to HostConfig as expected
- these cgroup options are really set to cgroup files as expected
- other cases (wrong value, combinations etc..)
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Moved a defer up to a better spot.
Fixed TestUntarPathWithInvalidDest to actually fail for the right reason
Closes#18170
Signed-off-by: Doug Davis <dug@us.ibm.com>
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit enhance `docker network rm` command to allow user to delete
multi networks at the same time.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
Fixes#16555
Original docker `cp` always copy symbol link itself instead of target,
now we provide '-L' option to allow docker to follow symbol link to real
target.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
* This commit will mark --before and --since as deprecated, but leave their behavior
unchanged until they are removed, then re-implement them as options for --filter.
* And update the related docs.
* Update the integration tests.
Fixes issue #17716
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
- isZeroValue function from upstream go
- covers booleans, strings and numbers
- change integration to reflect new behavior
- resolves#9406
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
This fixes an issue where two images with the same filesystem contents
and configuration but different remote IDs could share a v1Compatibility
file, resulting in corrupted manifests.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Modified TestInspectApiCpusetInConfigPre120 and
TestContainerApiCreateWithCpuSharesCpuset for working on unicore cpu
environment.
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
The test case creates a mount point, starts the daemon with the
graph dir pointing to the mount and initates a pull request. We should
be able to check for the error message when the mount point gets filled
during pull.
Signed-off-by: Anil Belur <askb23@gmail.com>
This change will allow us to run SELinux in a container with
BTRFS back end. We continue to work on fixing the kernel/BTRFS
but this change will allow SELinux Security separation on BTRFS.
It basically relabels the content on container creation.
Just relabling -init directory in BTRFS use case. Everything looks like it
works. I don't believe tar/achive stores the SELinux labels, so we are good
as far as docker commit.
Tested Speed on startup with BTRFS on top of loopback directory. BTRFS
not on loopback should get even better perfomance on startup time. The
more inodes inside of the container image will increase the relabel time.
This patch will give people who care more about security the option of
runnin BTRFS with SELinux. Those who don't want to take the slow down
can disable SELinux either in individual containers or for all containers
by continuing to disable SELinux in the daemon.
Without relabel:
> time docker run --security-opt label:disable fedora echo test
test
real 0m0.918s
user 0m0.009s
sys 0m0.026s
With Relabel
test
real 0m1.942s
user 0m0.007s
sys 0m0.030s
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Alessandro Boch
Tibor Vass
David Calavera
Qiang Huang
Derek McGowan
Aaron Lehmann
Liron Levin
Alexander Morozov
Phil Estes
Doug Davis
Vincent Demeester
Vincent Demeester
Sebastiaan van Stijn
Jess Frazelle
Antonio Murdaca
Tonis Tiigi
Wen Cheng Ma
Ma Shimiao
Jessica Frazelle
Phil Estes
Karol Duleba
Arnaud Porterie
Brian Goff
Sally O'Malley
Dan Walsh
Doug Davis
Shuwei Hao
Aditi Rajagopal
Vincent Batts
Antonio Murdaca
Antonio Murdaca
Lei Jitang
Bryan Boreham
Shijiang Wei
Aidan Hobson Sayers
Zhang Wei
Michael Crosby
Stefan Scherer
Morgan Bauer
Madhu Venugopal
Daehyeok Mun
Alexander Morozov
Eric Windisch
GoBella
Trevor Pounds
Kunal Kushwaha
Olle Jonsson
Anil Belur
Srini Brahmaroutu
David Lawrence
John Howard
Mike Brown
Todd Whiteman
Mohammed Aaqib Ansari
Zuhayr Elahi