This fix tries to fix Docker core dumps when removing network with special
characters. The issue is from the fact that when docker client tries to
pass the command to API, the networkID is not escaped in case of special
characters. This also means other commands (not just `docker network rm`)
may face the same issue (e.g., `docker network connect`).
This fix adds the URL path escape to properly handle it. In addition, an
integration test for network create and delete is added to cover the cases
in #21401.
This fix fixes#21401.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit f8dc5562d0a74792c46b9382181ddf97e5d7cdac)
Signed-off-by: David Calavera <david.calavera@gmail.com>
Allow --net=container and --ipc=container tests to run when user
namespaces are enabled.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
The error message was changed from "unauthorized: access to the
requested resource is not authorized" to "unauthorized: authentication
required".
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Restores the correct parent chain relationship
between images on docker load if multiple images
have been saved.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This allows a user to specify explicitly to enable
automatic copying of data from the container path to the volume path.
This does not change the default behavior of automatically copying, but
does allow a user to disable it at runtime.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This adds support for the passthrough on build, push, login, and search.
Revamp the integration test to cover these cases and make it more
robust.
Use backticks instead of quoted strings for backslash-heavy string
contstands.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This cleans up some of the use of the filepoller which makes reading
significantly more robust and gives fewer changes to fallback to the
polling based watcher.
In a lot of cases, if the file was being rotated while we were adding it
to the watcher, it would return an error that the file doesn't exist and
would fallback.
In some cases this fallback could be triggered multiple times even if we
were already on the fallback/poll-based watcher.
It also fixes an open file leak caused by not closing files properly on
rotate, as well as not closing files that were read via the `tail`
function until after the log reader is completed.
Prior to the above changes, it was relatively simple to cause the log
reader to error out by having quick rotations, for example:
```
$ docker run --name test --log-opt max-size=10b --log-opt max-files=10
-d busybox sh -c 'while true; do usleep 500000; echo hello; done'
$ docker logs -f test
```
After these changes I can run this forever without error.
Another fix removes 2 `os.Stat` calls when rotating files. The stat
calls are not needed since we are just calling `os.Rename` anyway, which
will in turn also just produce the same error that `Stat` would.
These `Stat` calls were also quite expensive.
Removing these stat calls also seemed to resolve an issue causing slow
memory growth on the daemon.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The issue comes from the implementation of volumeSplitN() where a
driver letter (`[a-zA-Z]:`) was assumed to follow either `:`, `/`,
or `\\`.
In Windows driver letter appears in two situations:
a. `^[a-zA-Z]:` (A colon followed by `^[a-zA-Z]:` is OK as colon is
the separator in volume option)
b. A string in the format like `\\?\C:\Windows\...` (UNC).
Therefore, a driver letter can only follow either a `:` or `\\`
This PR removes the condition of `/` before the driver letter so
that options like `-v /tmp/q:/foo` could be handled correctly. A
couple of tests has also been added.
This PR fixes#20122.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Changes how the Engine interacts with Registry servers on image pull.
Previously, Engine sent a User-Agent string to the Registry server
that included only the Engine's version information. This commit
appends to that string the fields from the User-Agent sent by the
client (e.g., Compose) of the Engine. This allows Registry server
operators to understand what tools are actually generating pulls on
their registries.
Signed-off-by: Mike Goelzer <mgoelzer@docker.com>
This fix addressed the issue of test TestRestartStoppedContainer
in #21211. Inside the test, a `docker restart` command is
followed by a `docker logs` command. However, `docker restart`
returns immediately so there is no guarantee that `docker logs`
will wait until the restarted container completes the command
`echo foobar`.
This fix use the check of `{{.State.Running}} = false` to make
sure that the restarted container has already finished, before
invoking the `docker logs` command. The timeout is set to 20s
to make sure it passes WindowsTP4 check.
This fixes#21211.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.
Signed-off-by: David Calavera <david.calavera@gmail.com>
The issue of the flaky test is because when the second container
starts, the first container in the detached mode may have only
been created and not yet entering the running state. So the
port 8000 might be used by the second container first.
This fix added a check to make sure the first container is already
in running state, before the second container is invoked.
This fix fixes#21247.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
- cherry-pick from 1.10.3 branch: 0186f4d4223a094a050d06f456355da3ae431468
- add token service test suite
- add integration test (missing in 1.10.3 branch)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
The download manager assumed there was at least one layer involved in
all images. This can be false if the image is essentially a copy of
`scratch`.
Fix a nil pointer dereference that happened in this case. Add
integration tests that involve schema1 and schema2 manifests.
Fixes#21213
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Following #19995 and #17409 this PR enables skipping userns re-mapping
when creating a container (or when executing a command). Thus, enabling
privileged containers running side by side with userns remapped
containers.
The feature is enabled by specifying ```--userns:host```, which will not
remapped the user if userns are applied. If this flag is not specified,
the existing behavior (which blocks specific privileged operation)
remains.
Signed-off-by: Liron Levin <liron@twistlock.com>
- add test for pull from private registry with no credentials
- add test for push to docker hub with no credentials
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Antonio Murdaca <amurdaca@localhost.localdomain>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
If the destination does not exist, it needs to be created with ownership
mapping to the remapped uid/gid ranges if user namespaces are enabled.
This fixes ADD operations, similar to the prior fixes for COPY and WORKDIR.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This PR adds the "notary" binary requirement for tests.
Previously, NotaryHosting was checking for the "notary-server"
binary under the name notaryBinary. This renames that reference to
notaryServerBinary, so that notaryBinary can rightly refer
to the actual "notary" binary.
Currently only one test actually uses the notary binary, so it's been
updated accordingly.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Fixes a bug when the log output is empty.
The length of a slice containing an empty string is 1, not 0, so
the test fails to catch when the log is empty. Instead, take a look at
out, which is just a string.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Attach can hang forever if there is no data to send. This PR adds notification
of Attach goroutine about container stop.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Docker creates a UTS namespace by default, even with --net=host, so it
is reasonable to let the user set the hostname. Note that --hostname is
forbidden if the user specifies --uts=host.
Closes#12076
Signed-off-by: Jason Heiss <jheiss@aput.net>
Update unit test and documentation to handle the new case where Username
is set to <token> to indicate an identity token is involved.
Change the "Password" field in communications with the credential helper
to "Secret" to make clear it has a more generic purpose.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
On redhat based distribution, checking that USER_NS is compiled in the
kernel is not sufficient, we also have to check that the feature as
been enabled.
With this commit, it is now done by checking the content of
`/sys/module/user_namespace/parameters/enable`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Removed unnecessary RUN statements and combined some of the RUN statement into a single line.
The runtime performance is seen as follows:
pre-change:
PASS: docker_cli_build_test.go:3826: DockerSuite.TestBuildUsersAndGroups
63.074s
post-change:
PASS: docker_cli_build_test.go:3826: DockerSuite.TestBuildUsersAndGroups
49.698s
Signed-off-by: Anil Belur <askb23@gmail.com>
Yong Tang
Tibor Vass
Phil Estes
Tibor Vass
Kenfe-Mickael Laventure
David Calavera
Tonis Tiigi
Alessandro Boch
Riyaz Faizullabhoy
Evan Hazlett
Vincent Demeester
Qiang Huang
Brian Goff
Aaron Lehmann
Arnaud Porterie
Alexander Morozov
cyli
Mike Goelzer
Antonio Murdaca
Jess Frazelle
Antonio Murdaca
Brent Salisbury
Phil Estes
Kai Qiang Wu(Kennan)
Sebastiaan van Stijn
Alexander Morozov
Liron Levin
Sebastiaan van Stijn
John Howard
Shijiang Wei
Darren Stahl
Christopher Jones
Jason Heiss
allencloud
Anil Belur