The image spec in image/spec/v1.md is quite a bit out of date. Not only
is it missing the changes that went into 1.10 for content
addressability, but it has inaccuracies that date back further, such as
mentioning storing tarsum in the image configuration.
This commit creates image/spec/v1.1.md which brings the specification up
to date. It discusses content addressability, new fields in the image
configuration, the repository/tag grammar, and the current mechanism for
exporting an image.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fix tries to address issues raised in #20936 and #22443
where `docker pull` or `docker push` fails because of the
concurrent connection failing.
Currently, the number of maximum concurrent connections is
controlled by `maxDownloadConcurrency` and `maxUploadConcurrency`
which are hardcoded to 3 and 5 respectively. Therefore, in
situations where network connections don't support multiple
downloads/uploads, failures may encounter for `docker push`
or `docker pull`.
This fix tries changes `maxDownloadConcurrency` and
`maxUploadConcurrency` to adjustable by passing
`--max-concurrent-uploads` and `--max-concurrent-downloads` to
`docker daemon` command.
The documentation related to docker daemon has been updated.
Additional test case have been added to cover the changes in this fix.
This fix fixes#20936. This fix fixes#22443.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
It includes a small improvement, we hit test timeout sometimes
for some reason, print out the timed out case would be very
helpful.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
The 'Unix Signals' (https://en.wikipedia.org/wiki/Unix_signal#Handling_signals) wiki explains that:
> 'There are two signals which cannot be intercepted and handled: SIGKILL and SIGSTOP.'
Signed-off-by: kevinmeredith <kevin.m.meredith@gmail.com>
the 'modify_ldt' was listed as "blocked by default",
but was whitelisted in 13a9d4e899
this updates the documentation to reflect this
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This gives discovery a chance to initialize, particularly if the K/V
store being used is in a container.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The old command line options have been deprecated in 1.8.0 and
eventually removed in 1.10.0 through PR #17724, though the
deprecated.md still shows `Target For Removal In Release`.
This fix updates the deprecated.md and changes
`Target For Removal In Release` to `Removed In Release`.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Currently the default seccomp profile is fixed. This changes it
so that it varies depending on the Linux capabilities selected with
the --cap-add and --cap-drop options. Without this, if a user adds
privileges, eg to allow ptrace with --cap-add sys_ptrace then still
cannot actually use ptrace as it is still blocked by seccomp, so
they will probably disable seccomp or use --privileged. With this
change the syscalls that are needed for the capability are also
allowed by the seccomp profile based on the selected capabilities.
While this patch makes it easier to do things with for example
cap_sys_admin enabled, as it will now allow creating new namespaces
and use of mount, it still allows less than --cap-add cap_sys_admin
--security-opt seccomp:unconfined would have previously. It is not
recommended that users run containers with cap_sys_admin as this does
give full access to the host machine.
It also cleans up some architecture specific system calls to be
only selected when needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Alexander Morozov
Sebastiaan van Stijn
Tim Düsterhus
John Howard
Aaron Lehmann
Arnaud Porterie
Brian Goff
Vincent Demeester
allencloud
Sebastiaan van Stijn
Hao Shu Wei
cyli
Yi EungJun
Sven Dowideit
Yong Tang
Qiang Huang
Tomasz Kopczynski
kevinmeredith
Antonio Murdaca
Tibor Vass
Antonio Murdaca
Justin Cormack
Alexander Morozov
Amit Krishnan