To support the requirement of blocking the request after the daemon
responded, the authorization plugin uses a `response recorder` that replays
the response after the flow ends.

This commit adds support for commands that hijack the connection and
flushes data via the http.Flusher interface. This resolves the error
with the event endpoint.

Signed-off-by: Liron Levin <liron@twistlock.com>

Fix root directory of the mountpoint being owned by real root. This is
unique to ZFS because of the way file mountpoints are created using the
ZFS tooling, and the remapping that happens at layer unpack doesn't
impact this root (already created) holding directory for the layer.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)

mqueue cannot be mounted on the host OS and then shared into the container.
There is only one mqueue per mount namespace, so current code ends up leaking
the /dev/mqueue from the host into ALL containers. Since SELinux changes the
label of the mqueue, only the last container is able to use the mqueue; all
other containers will get a permission denied. If you don't have SELinux protections,
sharing of the /dev/mqueue allows one container to interact in potentially hostile
ways with other containers.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>

Bump both API and VERSION directly after the release
branch is created. All changes to master after that
are (by default) for the *next* release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

filepath.Clean converts filenames to filenames with native path
separators. Use ToSlash to normalize.

Signed-off-by: Anusha Ragunathan <anusha@docker.com>

For btrfs driver, in d.Create(), Get() of parentDir is called but not followed
by Put().

If we apply SELinux mount label, we need to mount btrfs subvolumes in d.Get(),
and without a Put() this would end up with a later Remove() failure on
"Device resource is busy".

This calls the subvolume helper function directly in d.Create().

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>

This PR adds support for using the DOCKER_BUILD_PKGS env var to
better help defining what package to build. It also adds support
for the integration-daemon so we can run it as a bundle.

Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>

add directory test

Adds missing directory test. This helps verify that
DOCKER_BUILD_PKGS is a directory and exists before continuing.

Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>

fix indent
Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>