This will allow us to have a windows-to-linux CI, where the linux host
can be anywhere, connecting with TLS.
Signed-off-by: Tibor Vass <tibor@docker.com>
We need to add delegate yes to docker's service file so that it can
manage the cgroups of the processes that it launches without systemd
interfering with them and moving the processes after it is reloaded.
```
Delegate=
Turns on delegation of further resource control partitioning to
processes of the unit. For unprivileged services (i.e. those
using the User= setting), this allows processes to create a
subhierarchy beneath its control group path. For privileged
services and scopes, this ensures the processes will have all
control group controllers enabled.
```
This is the proper fix for issue #20152
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Instead of using a process expansion to feed the right arguments to
docker to run on "mh-keystore", just moves up the next step which makes
"mh-keystore" the default target. This makes the guide a bit shorter and
easier to understand.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
This enhancement is to fix the wrong list results on
`docker ps` before and since filters specifying the non-running container.
Fixes issue #20431
Signed-off-by: Wen Cheng Ma <wenchma@cn.ibm.com>
Based on the discussion, we have changed the following:
1. Send body only if content-type is application/json (based on the
Docker official daemon REST specification, this is the provided for all
APIs that requires authorization.
2. Correctly verify that the msg body is smaller than max cap (this was
the actual bug). Fix includes UT.
3. Minor: Check content length > 0 (it was -1 for load, altough an
attacker can still modify this)
Signed-off-by: Liron Levin <liron@twistlock.com>
Because devices will be bind-mounted instead of using `mknod`, we need
to make sure the source exists and filter the list by only those whose
source is a valid path/current device entry.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Attempt layer mounts from up to 3 source repositories, possibly
falling back to a standard blob upload for cross repository pushes.
Addresses compatiblity issues with token servers which do not grant
multiple repository scopes, resulting in an authentication failure for
layer mounts, which would otherwise cause the push to terminate with an
error.
Signed-off-by: Brian Bland <brian.bland@docker.com>
There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts'
and 'cluster-advertise' that can be reconfigured, configure any of these
options should not affect other options which may have configured in flags.
But this is not true, for example, I start a daemon with -D to enable the
debugging, and after a while, I want reconfigure the 'label', so I add a file
'/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon
to reconfigure the daemon, it work, but the debugging of the daemon is also diabled.
I don't think this is a expeted behaviour.
This patch also have some minor refactor of reconfiguration of cluster-advertiser.
Enable user to reconfigure cluster-advertiser without cluster-store in config file
since cluster-store could also be already set in flag, and we only want to reconfigure
the cluster-advertiser.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
In cases where the a plugin responds with both a null or empty volume
and a null or empty Err, the daemon would panic.
This is because we assumed the idiom if `err` is nil, then `v` must not
be but in reality the plugin may return whatever it wants and we want to
make sure it doesn't harm the daemon.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Just some suggested wording to update this page to take account of User Namespaces being available as of 1.10.
Signed-off-by: Rory McCune <rorym@mccune.org.uk>
David Calavera
Sebastiaan van Stijn
Brian Goff
Riyaz Faizullabhoy
Tibor Vass
Tibor Vass
Michael Crosby
Alexander Morozov
Vincent Demeester
Antonio Murdaca
Vincent Bernat
Wen Cheng Ma
Cameron Spear
Liron Levin
Phil Estes
John Howard
Brian Bland
Lei Jitang
Jian Zhang
Arnaud Porterie
Tomasz Kopczynski
Rory McCune
Nakul Pathak